Privacy Policy
1. DEFINITIONS
1.1 Controller or Answear - Answear.com Spółka Akcyjna (Joint Stock Company) with a seat in Kraków (31-564), 18 Pokoju Avenue, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, XI Economic Department under KRS number 0000816066, NIP: 6793080390, REGON: 122515020.
1.2 Personal Data - information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.
1.3 Policy - this Privacy Policy, which contains information about the processing of Personal Data and the use of cookies and similar tracking technologies on the Service.
1.4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC.
1.5. Service or Website - the webService operated by the Controller in the domain https://releases.prm.com, accessible through web browsers.
1.6 Store - prm.realeses.com online store available through the Service, through which the Controller sells goods at a distance.
1.7 User - any natural person visiting the Service or using one or more of the services or functionalities described in the Policy.
1.8. Device - means an electronic device through which the User accesses the Service,
1.9. Terms&Conditions – Store regulations, available at https://releases.prm.com/a/terms-and-conditions .
1.10. Goods – goods offered by the Administrator through the Store.
1.11. Raffle - selection of your entitlement to conclude a contract for the purchase of Goods in the Store in accordance with the Terms & Conditions
2. GENERAL INFORMATION
2.1 In connection with your use of the Service, we collect data needed to provide the services offered, as well as information about your activity on the Service. In this regard, we are the Controller of your Personal Data and we attach great importance to its adequate protection. We make sure that the data processing we carry out complies with the relevant legal regulations, in particular with the GDPR. Our goal is to enable you to be fully informed regarding our processing of your Personal Data and to provide you with tools to exercise your rights. Please see below for information on how we process your Personal Data. For information about processing of personal data of U.S. Users, please see Section 13 below.
2.2 We process your Personal Data in accordance with the law ensuring that it remains current and correct. Therefore, from time to time, we may remind you to update them by sending a message to the email address you have provided to us or by displaying a corresponding message on the Service when you log into your account.
3. HOW CAN I CONTACT THE CONTROLLER AND DPO?
3.1 If you have any questions about our processing of your Personal Data or wish to exercise your rights, please write directly to our Data Protection Officer at: privacy.releases@prm.com (this email address is not used for cooperation and marketing offers, such messages will be ignored by our request handling system) or to the address of our registered office (Aleja Pokoju 18, 31-564 Krakow), or use the contact form.
3.2. For information about processing personal data of U.S. Users, please see Section 14 below.
4. HOW DO WE OBTAIN YOUR PERSONAL DATA?
4.1 We obtain your Personal Data directly from you in order to provide our services properly and to operate our Service efficiently. You provide us with your data primarily through dedicated forms when you make purchases in our Store, which is operated under the Terms and Conditions of the Store, subscribe to our newsletter or contact us, e.g. through the contact form. We also receive your data when you use other services available on the Service, e.g. browse products offered in the Store.
5. IS IT MANDATORY TO PROVIDE PERSONAL DATA?
5.1 It is up to you to decide if and what Personal Data you provide to us - it is not mandatory. Remember, however, that in some cases providing Personal Data is necessary for the proper implementation of the services offered by us or conditions the conclusion and performance of the contract, which is described in detail below.
6. HOW DO WE PROCESS YOUR PERSONAL DATA?
USE OF THE SERVICE
6.1. when you use the Service and you are not a registered User (i.e. you do not have an account on the Service), your Personal Data (including your IP address or other identifiers and information collected through cookies or other similar technologies) is processed by us:
6.1.1. for the purpose of providing electronic services to you in terms of providing you with the content collected on the Service - in which case the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6.1.b of the GDPR);
6.1.2. for analytical and statistical purposes - then the legal basis for processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of Users' activities, as well as their preferences in order to improve the functionalities used and services provided;
6.1.3. for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis of the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of protecting its rights and business interests;
6.1.4. for marketing purposes of the Controller and other entities, in particular related to the presentation of behavioral advertising - the principles of processing Personal Data for marketing purposes are described in the MARKETING section.
6.2 Your activity on the Website, including your Personal Data, is recorded in system logs (a special computer program used to keep a chronological record containing information about events and activities that relate to the computer system used to provide our services). The information collected in the logs is processed primarily for purposes related to the provision of services. We also process them for technical, administrative purposes, for the purpose of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes - in this regard, the legal basis for processing is the Controller's legitimate interest (Article 6(1)(f) GDPR).
REGISTRATION AND ACCOUNT MAINTENANCE
6.3 When registering an account with the Store, we ask you to provide data necessary to create and operate an account. In order to facilitate the service, you may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. Provision of data marked as mandatory is required to create and operate an account, and failure to provide such data will result in the inability to create an account. Provision of other data is voluntary.
6.4 Your Personal Data is processed:
6.4.1. for the purpose of providing services related to the maintenance and operation of your account on the Website - the legal basis for processing is the necessity of processing for the performance of the contract (Article 6.1.b GDPR), and with regard to data provided optionally - the legal basis for processing is consent (Article 6.1.a GDPR);
6.4.2. for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Controller (Article 6.1.f GDPR), consisting of conducting analysis of Users' activity on the Website and the way they use their account, as well as Users' preferences in order to improve the functionalities used;
6.4.3. for the purpose of possible establishment and assertion of claims or defense against claims - the legal basis of the processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of protecting its rights and business interests;
6.4.4. for marketing purposes of the Controller and other entities - the principles of processing Personal Data for marketing purposes are described in the MARKETING section.
6.4.5. for the purposes of ensuring registration security - the legal basis for the processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) in preventing spam, fraud and misuse while using reCAPTCHA Enterprise service.
We would also like to inform you that the data about the device and application used for registration, as well as the results of security checks, are passed to Google Ireland Ltd. for the purpose of providing, maintaining and improving the reCAPTCHA Enterprise service, as well as for general security purposes. For more information on Google's data processing, please refer to Google's "Privacy Policy" and "Terms of Service".
6.5 If the User posts any Personal Data of other persons (including their name, address, telephone number or e-mail address) on the Website, he/she may do so only under the condition that he/she does not violate the laws and personal rights of such persons.
PLACING ORDERS
6.6 Placing an order for goods or services offered by us by you involves the processing of your Personal Data. Provision of data marked as mandatory is required in order to accept and process your order, and failure to provide such data will result in failure to process your order. Provision of other data is optional.
6.7 Your Personal Data is processed:
6.7.1. in order to enable you conclude a contract for the purchase of Goods in connection with your participation in the Raffle – the legal basis for processing is the necessity of processing for the performance of the contract (Article 6.1.b GDPR),
The Controller informs that an element of the process of placing an order in the Store (concluding a contract to purchase the Goods) is the User's participation in the Raffle. The mechanisms of the algorithms used by the Controlller in the Raffle make the selection of the party to the purchase contract is impartial, unbiased, random and objective. Consequently, the User is subject to a decision based solely on automated processing, including profiling which produces legal effects by selecting the User as a party to the contract of purchase of the Goods.
In case of any objections, you have a right to express your point of view, contest a decision based on an automated data processing and obtain human intervention regarding automated decision-making. If you wish to exercise these rights, please see section “Complaint and Returns” and points 12 and 14 below.
6.7.2 for the purpose of processing your order - the legal basis for processing is the necessity of processing for the performance of the contract (Article 6.1.b GDPR); with regard to data provided optionally, the legal basis for processing is your consent (Article 6.1.a GDPR);
6.7.3. for the purpose of fulfilling statutory obligations incumbent on the Controller, arising in particular from tax and accounting regulations - the legal basis for processing is a legal obligation (Article 6(1)(c) GDPR);
6.7.4. for analytical and statistical purposes - the legal basis of processing is the Controller's legitimate interest (Article 6.1.f GDPR), consisting of conducting analysis of Users' activity on the Website , as well as Users' shopping preferences in order to improve the applied functionalities;
6.7.5. for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of the protection of its rights and business interests.
COMPLAINTS AND RETURNS
6.8 Your submission of a complaint or return involves the processing of your Personal Data. Providing data in the complaint form is not mandatory, but necessary for the proper processing of the complaint. Providing data in the return form is not mandatory, but necessary for effective withdrawal from the contract.
6.9. Your Personal Data is processed:
6.9.1. for the purpose of processing a filed complaint - the legal basis for the processing of your Personal Data is the Controller's obligation under the law on warranty for defects of a sold item (Article 6.1.c GDPR);
6.9.2. for the purpose of handling returns - the legal basis for the processing of your Personal Data is the Controller's obligation under consumer law (Article 6(1)(c) GDPR), if the basis for the return is the law on the right of withdrawal, or the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR), if the basis for the return is the regulations of our Store;
6.9.3. for the purpose of fulfilling other statutory obligations incumbent on the Controller, arising in particular from tax and accounting regulations - the legal basis for processing is a legal obligation (Article 6(1)(c) GDPR);
6.9.4. for analytical and statistical purposes - the legal basis of processing is the Controller's legitimate interest (Article 6.1.f GDPR), consisting of conducting analysis of Users' activity on the Website, as well as Users' shopping preferences in order to improve the applied functionalities;
6.9.5. for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis of the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of the protection of its rights and business interests.
CONTACT FORM
6.10. We provide the possibility to contact us via a contact form. Using the form requires providing Personal Data necessary to contact you and respond to your inquiry. Provision of data marked as mandatory is required in order to accept and service your inquiry, and failure to provide such data will result in the impossibility of service. Provision of other data (e.g. in the content of your inquiry) is voluntary.
6.11. Your Personal Data is processed:
6.11.1. for the purpose of identifying and handling your inquiry sent through the form provided - the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of the need to resolve the reported matter and correspondence addressed to him in connection with his business activities;
6.11.2. for analytical and statistical purposes - the legal basis of the processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of keeping statistics on queries submitted by Users via the Service in order to improve its functionality.
7. MARKETING
7.1 We process your Personal Data to carry out marketing activities, which may consist of:
7.1.1. displaying to you marketing content corresponding to your interests (behavioral advertising);
7.1.2. carrying out activities related to direct marketing of goods and services (sending commercial information by e-mail and telemarketing activities).
7.2 In order to carry out marketing activities, in some cases we use profiling. This means that through automatic data processing we evaluate selected factors concerning you in order to analyze your behavior or create a forecast for the future. This allows us to better tailor the content displayed to your individual preferences and interests.
BEHAVIORAL ADVERTISING
7.3 We and our trusted partners process your Personal Data, including Personal Data collected through cookies and other similar technologies, for marketing purposes in connection with targeting you with behavioral advertising (i.e., advertising that is tailored to your preferences). The processing of Personal Data then includes profiling, with the consequence only of displaying tailored advertising based on your Personal Data acquired by us and our partners.
7.4 A list of the Controller's trusted partners can be found below in the section "Information about the use of cookies" under the tab "Our Partners".
DIRECT MARKETING
7.5 If you have given your consent, your data may be used by us to direct marketing content to you through various channels, i.e. by email (in the form of a newsletter), by MMS / SMS or by telephone. The legal basis for the processing of your data in this case is the legitimate interest of the Controller (Article 6(1)(f) GDPR) in connection with the consent you have given, consisting of marketing the goods and services offered. Such activities are undertaken by us only if you have given your consent, which you may withdraw at any time. You can withdraw your consent at any time by clicking on the link that we send in each email containing commercial information, by contacting us at the email address: privacy.pl@prm.com (this email address is not used to send cooperation and marketing offers, such messages will be ignored by our request handling system) or by using the contact form. Withdrawal of consent does not affect the correctness of data processing in the period before its withdrawal.
7.6 We may also carry out direct marketing via snail mail to the postal address you have provided. The legal basis for the processing of your data in this case is the legitimate interest of the Controller (Article 6.1.f GDPR), consisting of marketing the goods and services offered. You may object at any time to the processing of your data for this purpose. You can express your objection by contacting us at the email address: privacy.releases@prm.com (this email address is not used for cooperation and marketing offers, such messages will be ignored by our request handling system) or by using the contact form.
PUSH NOTIFICATIONS
7.7 If you have given separate consent to receive push notifications, you may receive notifications in the form of messages displayed in the web browser you are using, containing marketing content related to our offers, services and promotions. The legal basis for the processing of your Personal Data for this purpose is the legitimate interest of the Controller (Article 6(1)(f) of the DPA), consisting of marketing the goods and services offered in connection with your consent to receive communications in the form of push notifications. You may withdraw your consent to receive push notifications at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out before its withdrawal. You can withdraw your consent by changing the settings in the web browser you are using.
GOOGLE ADS CUSTOMER MATCH
7.8 Marketing of the products and services offered by us may be carried out using the Google Ads Customer Match tool. Google Ads Customer Match is a tool that allows the Controller to load a hashed database of email addresses (customer list) into Google's tools to verify that user accounts have been created on Google services using the same email addresses (e.g. YouTube, Gmail, others). If the coincidence of e-mail addresses is confirmed, the users of Google services may be displayed advertisements of the Controller after logging in. Information on displaying ads according to the established list of customers can be found at the following link: https://support.google.com/google-ads/answer/7474263.
7.9 In order to increase the accuracy of measuring the effectiveness of our marketing activities using Google Ads Customer Match described above, we will also use a tool provided by Google in the form of the so-called "enhanced conversion". This tool allows the Administrator to increase the accuracy of measuring conversions (i.e., the purchase of an item on the Store website as a result of a redirectfrom another website). In order to use it, we load conversion data from the Store's website in encrypted form (including data in terms of email addresses), in a way that ensures privacy, i.e. using a one-way encryption algorithm. Information on augmented conversions can be found at the link: Enhanced Conversions - Google Ads - Help.
FACEBOOK CUSTOM AUDIENCE
7.10 Marketing of products and services offered by us may be carried out using the Facebook Custom Audience tool. Facebook Custom Audience is a tool that allows the Controller to load a hashed database of email addresses into Facebook tools in order to check whether user accounts with the same email addresses have been created on the Facebook platform. If the matching email addresses are confirmed, users of the Facebook platform can be shown the Controller's ads after logging in. For more information on custom audiences, click here: https://pl-pl.facebook.com/business/help/341425252616329?id=2469097953376494.
8. PROCESSING OF DATA OF VISITORS TO THE CONTROLLER'S SOCIAL NETWORK PROFILES
8.1 The Controller has public profiles on social networks Facebook, Instagram, LinkedIn, Pinterest, YouTube. In this regard, it processes data left by visitors to these profiles (in particular, comments, preferences, online identifiers).
8.2 Personal data of such visitors is processed:
8.2.1 so that they can be active in the profiles;
8.2.2 in order to effectively run the profiles by providing social media users with information about the Controller’s initiatives and other activities, as well as in connection with the promotion of various events, services and products;
8.2.3 for statistical and analytical purposes;
8.2.4 data may be processed for the purpose of asserting potential claims or defending against claims.
8.3 The legal basis for the processing of Personal Data is the legitimate interest of the Controller (Article 6.1 f. RODO) consisting of:
8.3.1 to promote its own brand and improve the quality of its services,
8.3.2 conduct activity and preference analysis,
8.3.3 if necessary in the event of a claim or defense against a claim.
NOTE: The above information does not apply to the processing of personal data by social media administrators.
9. INFORMATION ON THE USE OF "COOKIES".
WHAT ARE COOKIES?
9.1 Cookies (a.k.a. "cookies") are small text files that are saved and stored on the devices through which you use the Website. Cookies collect information that facilitates the use of the Website - for example, by remembering the User's visits and actions performed by the User. The cookies we use are safe for the User's Device. In particular, by this means it is not possible for viruses or other unwanted software or malware to get into the Users' Devices. These files allow us to identify the software used by the User and customize the operation of the Website individually for each User.
TYPES OF COOKIES USED BY THE CONTROLLER
9.2 We use the following types of cookies:
9.2.1 Required cookies are necessary for the proper functioning of the Website. Thanks to these files, the Controller can ensure that such activities are carried out in a secure manner, such as processing a User's order, "remembering" a logged-in User on the Website after moving to another page, or automatically filling in address data when shopping. Blocking these cookies in the User's browser may result in malfunctioning of the Website. These cookies are required and it is not possible to deactivate them.
Specific purposes of using technical cookies:
a) to ensure the security and reliability of the Service;
b) to perform the processes necessary to ensure the full functionality of the Service, including but not limited to:
- adapting the content of the Website in order to ensure that the User can make full use of the functionalities provided and optimizing the use of the Website 's pages. In particular, these files allow for recognition of the basic parameters of the User's Device and appropriate display of the Website;
- Enabling the use of the "Clipboard" and "Shopping Cart" functions on the Website.
9.2.2 Analytical cookies are used by the Controller both to analyze the behavior of Users on the Website for business purposes and to understand how Users use the Website. This makes it possible to identify which functionalities need to be improved or updated. Information obtained by the Controller through analytical cookies is anonymous - on their basis the Controller is not able to identify the User from whom the information was obtained.
9.2.3 Personalization cookies allow analysis of Users' behavior on the Website and their shopping preferences, which makes it possible to provide Users with personalized product suggestions, make changes within the functionalities of the Website and post sponsored content. Data obtained through such cookies may also be used to improve existing systems and software and develop new solutions and functionalities.
9.2.4 Advertising cookies allow the Controller to customize the advertisements displayed to the Users' preferences and interests, i.e. to target the Users with the so-called behavioral advertising. With their help, entities cooperating with the Controller, such as Google, Facebook or Instagram operators, will be able to appropriately adjust the displayed advertising content so that it is tailored to the User's preferences.
COOKIE STORAGE PERIOD
9.3 The cookies described above can be divided into two types due to their storage period:
9.3.1. session cookies are stored on the User's Device and remain there until the session of a given browser ends. The stored information is then permanently deleted from the Device's memory.
9.3.2 Permanent cookies are stored on the Device until they are deleted. Ending the session of a given browser or switching off the Device does not delete them. If the User does not delete permanent cookies from his/her Device, they will be stored for up to 60 days after their entry.
MANAGEMENT OF COOKIES ON THE SERVICE
9.4 Only required cookies are necessary for the proper operation of the Service. With regard to other types of cookies, you may consent to their use, but it is not mandatory. You can manage the extent of our use of analytical, personalization and advertising cookies by giving or withdrawing your consent to their use. You have the ability to manage your consents to specific types of cookies at any time using the panel we provide. The panel can be called up through the "Your cookies" tab located in the footer of the Website.
OUR PARTNERS
9.5 Some cookies are placed on the Website by external entities - partners cooperating with us. The current list of partners with whom we cooperate in the use of cookies, along with the category of cookies placed by them, can be found in the table below. In turn, you can find detailed information in this regard in the privacy policy of a given partner.
Partners | Privacy Policy | Category | Cookie life time |
ExpertSender S.A. (Expert Sender) | https://expertsender.com/privacy-policy/ | Analytics | 60 days |
Meta Platforms, Inc (Facebook) | https://www.facebook.com/privacy/policies/cookies/ | Advertising | 60 days |
Google Ireland Ltd (Google Ads) | https://business.safety.google/privacy/ | Advertising | 60 days |
Google Ireland Ltd (Google Analytics) | https://business.safety.google/privacy/ | Analyrics | 60 days |
Akamai Technologies, Inc (mPulse) | https://www.akamai.com/legal/privacy-statement | Analytics | 60 days |
Braze, Inc. (Braze) | https://www.braze.com/company/legal/privacy | Personalisation | 60 days |
10. TO WHOM WILL WE TRANSFER YOUR PERSONAL DATA?
10.1 We may transfer your Personal Data to entities with which we cooperate in the provision of our services.
10.2. Depending on the method of delivery or return of purchased goods you have chosen, we will transfer your data necessary for the delivery or return of goods to one of the entities with which we cooperate in this regard. If you use the geolocation service to find stationary delivery points, your Personal Data will also be transferred to location service providers.
10.3 Depending on the method of payment you have chosen for the purchased goods, we will transfer your data necessary for collection or payment to one of the entities with which we cooperate in payment processing.
10.4 If you agree to receive commercial information to the e-mail address or telephone number you provided, we will provide your data to the entities that provide the service of sending commercial information on our behalf, i.e. in particular:
10.4.1. LINK Mobility Poland sp. z o. o. based in Gliwice;
10.4.2. ExpertSender S.A. based in Gdynia;
10.5 In addition, your data will be transferred to entities that process your Personal Data on our behalf to the extent necessary to host the Store's Website, in particular:
10.5.1. 3S Data Center S.A. based in Katowice, Poland.
10.6 We may also provide your Personal Data to other entities with whom we establish cooperation, including legal and tax advisors, as well as those providing accounting, IT, logistics and marketing services.
10.7 We also have the right to disclose selected information concerning our Users to competent authorities or third parties who make a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
11. HOW LONG WILL WE PROCESS YOUR PERSONAL DATA?
11.1 The period for which we process your data depends on the type of service provided and the purpose of the processing. As a general rule, data shall be processed for the duration of providing the service or fulfilling the order, until the withdrawal of the consent you have given, or until you make an effective objection to the processing of your data in cases where the legal basis for data processing is the legitimate interest of the Controller.
11.2 The period of data processing may be extended in cases where the processing is necessary for the establishment and assertion of possible claims or defense against claims, and thereafter only in the case and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.
12. WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA?
12.1 In connection with our processing of your Personal Data, you have the following rights:
12.1.1. the right to be informed about the processing of your Personal Data - on this basis, the Controller shall provide you with information about the processing of your Personal Data, including, in particular, the purposes and legal grounds for the processing, the scope of the data held, the entities to which they are disclosed, and the planned date of deletion of the data;
12.1.2. the right to obtain a copy of your data - on this basis the Controller provides you with a copy of your Personal Data processed by him;
12.1.3. the right to rectification - the Controller is obliged to remove any inconsistencies or errors in the processed Personal Data and to complete it if it is incomplete;
12.1.4. right to erasure - on this basis, you may request the erasure of data whose processing is no longer necessary to carry out any of the purposes for which they were collected;
12.1.5. the right to restrict processing - if you make such a request, the Controller shall cease performing operations on your Personal Data - with the exception of operations to which you have given your consent, and the storage of data, in accordance with the adopted retention rules - or until the reasons for restricting data processing cease to exist (e.g., a decision is issued by a supervisory authority authorizing further data processing);
12.1.6. the right to data portability - on this basis - to the extent that the data are processed by automated means in connection with the concluded contract or consent given - the Controller shall release the data provided by you, in a computer-readable format. It is also possible to request that the data be sent to another entity, provided, however, that there are technical capabilities in this regard both on the part of the Controller and yours;
12.1.7. right to object to the processing of data for marketing purposes - you may object at any time to the processing of your Personal Data for marketing purposes, without having to justify such objection;
12.1.8. right to object to other purposes of processing - you may object at any time, on grounds related to your particular situation, to the processing of your Personal Data that is carried out on the basis of a legitimate interest of the Controller (e.g. for analytical or statistical purposes or for reasons related to the protection of property); an objection in this regard should contain a justification;
12.1.9. right to withdraw consent - if the data is processed on the basis of your consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal;
12.1.10. right to complain - if you consider that the processing of your Personal Data violates the provisions of the GDPR or other regulations on the protection of Personal Data, you may file a complaint with the supervisory authority for the processing of Personal Data, which has jurisdiction over your habitual residence, place of work or place where the alleged violation was committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection (2 Stawki Street, 00-193 Warsaw),
12.1.11. the right to obtain human intervention on the part of the Controller, to express one's position and to challenge decisions based solely on automated processing – in accordance with par. 6.7.
SUBMISSION OF REQUESTS RELATED TO THE EXERCISE OF RIGHTS
12.2 You may exercise some of the above rights yourself. If you have an account with the Store, you can always access your Personal Data and correct and update it.
12.3 You can make a request regarding all of the above rights by contacting our Data Protection Officer at the email address: privacy.releases@prm.com (this email address is not used for cooperation and marketing offers, such messages will be ignored by our request handling system) or to our registered office address (18 Pokoju Avenue, 31-564 Krakow), and using our contact form.
12.4 We will try to fulfill your request as soon as possible and provide you with answers to your questions regarding the processing of your data. You will receive a response within 30 days of our receipt of your request. If it turns out that due to the complicated nature of the request or the number of requests we have received, we are not able to provide you with information about the actions taken within this period - we will inform you about the extension.
12.5 If we have doubts as to whether you are the one making a particular request, we may ask you some additional questions to enable us to verify your identity. It is not mandatory to provide such data, but failure to do so will result in denial of your request. We may also need additional information to determine the exact content of your request.
12.6 A request may be made in person or through a proxy (such as a family member). For reasons of data security, we encourage you to use a power of attorney in a form certified by a notary public or authorized legal counsel or attorney, which will expedite verification of the authenticity of the request.
12.7 In the case where the request is addressed to us electronically, we will respond in the same form, unless the applicant requests a response in another form. In other cases, we will respond in writing. If the timing of the request makes it impossible to respond in writing, and the extent of the applicant's data processed by us makes it possible to contact us electronically, we will respond electronically.
12.8 We store information about the request made and the person who made the request in order to ensure that compliance can be demonstrated and for the purpose of establishing, defending or asserting possible claims by data subjects. The register of requests shall be stored in a manner that ensures the integrity and confidentiality of the data contained therein.
13. ADDITIONAL INFORMATION FOR U.S. USERS
13.1. Cross-context behavioral advertising. We may collect and share for cross-context behavioral advertising the following personal information [and sensitive personal information categories listed in Section (PRIVACY RIGHTS OF U.S. USERS) below. If you are a U.S. resident, please see Section (PRIVACY RIGHTS OF U.S. USERS) below on how to exercise your right to opt-out of sharing your personal information and limit the use of your sensitive personal information.
13.2. Child Privacy. The Services are not directed toward children under 13 years of age nor do we knowingly collect personal information about children under 13. If you are under 13 years of age, you are not permitted to submit any person information to us, including your name, address, telephone number, e-mail address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete it immediately. If a parent or guardian becomes aware any of his/her children has submitted personal information to us, please immediately notify us at privacy.releases@prm.com
13.3. Your Privacy Rights. For more information on your privacy rights and how to exercise them please refer to Section (PRIVACY RIGHTS OF U.S. USERS) below.
PRIVACY RIGHTS OF U.S. USERS
The CCPA, CPRA, and some other state privacy laws provide consumers with specific rights regarding their personal information. This Section describes your rights and explains how to exercise those rights.
Right to know what information we collect, with whom we share your information, and the right to data portability. You may request that we disclose to you the categories of personal information we collect about you, the categories of sources from which we collected that personal information, the categories of personal information we sold or disclosed, our business or commercial purposes for collecting and selling such personal information, the categories of third parties with whom we shared such personal information, and the specific pieces of personal information we collected about you over the past 12 months. You may also request to receive a copy of certain personal information we process about you. You have the right to receive this information in a structured, commonly used and machine-readable format. You also have the right to request that we transfer that personal information to another party, with certain exceptions according to relevant laws and regulations. We will provide further information to you about this if you make such a request.
Right to request deletion of your information. You may request we delete some or all of the personal information we maintain about you, subject to certain exceptions. If we cannot delete your personal information, we will give you a reason why we cannot do so. For security reasons, you or your authorized agent may be asked to verify your/their identity. Note that some personal data may be retained as permitted by law (e.g. to comply with legal obligations, to prevent fraud, etc.). We will delete or deidentify personal information not subject to certain exceptions from our records and will direct our service providers to take similar action.
Opt-out of “sale”/ “sharing” of your personal information. For purposes of this Policy, “sell” or “share” means the sale of your personal information to an outside party for monetary or other valuable consideration, subject to certain exceptions in the CCPA, CPRA or other applicable privacy laws.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by contacting us at the details set out in Section 15 CONTACTS FOR U.S. USERS
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by contacting us at the details set out in Section 15 CONTACTS FOR U.S. USERS
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
Right to correct inaccurate personal information. Taking into account the nature of the personal information and the purposes of the processing, this right provides an individual with the ability to seek to correct or update personal data that individual considers that we hold about that individual.
Right to limit use of sensitive information. This right is limited to sensitive personal information used for the purpose of inferring characteristics about an individual.
To exercise the right to limit use and disclosure of sensitive personal information, you (or your authorized representative) may submit a request to us by contacting us at the details set out in Section 15 CONTACTS FOR U.S. USERS.
Right to appeal. Certain state privacy laws provide you with a right to appeal any decision or indecision related to the exercise of your rights.
Right of Non-Discrimination and Non Retaliation. This right prohibits (a) denying an individual access to or use of goods and services, (b) charging different prices or rates for those goods and services, and/or (c) providing a different level or quality of those goods or services, as a result of the individual exercising any right under any data protection and privacy laws and/or regulations. We will not discriminate against you because you made any of these requests. We will not: (i) deny you goods or services; (ii) charge you different prices or rates for those goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of our goods or services, or (iv) suggest that you may receive a different price or rate for our goods or services or a different level or quality of our goods or services.
We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, to process transactions and facilitate customer requests, and/or to protect against fraud and other misuse of our Services. We will take reasonable steps to verify your identity prior to responding to certain of your requests. The verification steps will vary depending on the sensitivity of the personal information. In some locations, you may designate an authorized agent to make a request on your behalf. When submitting such a request, please ensure you have adequately identified and authorized anyone acting on your behalf.
Shine the Light. California's “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to privacy.releases@prm.com or write us at: Attn: Legal Department, Al. Pokoju 18, 31-564 Kraków, Poland, Data Protecting Officer.
Response Timing and Format. We will confirm receipt of your request to know, correct, delete and/or seek any request under the relevant U.S. state privacy law(s) within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at privacy.releases@prm.com. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to another 45 days), we will timely inform you of the reason(s) and extension period in writing. We may choose to verify your identity before responding to any such request.
14. CONTACTS FOR U.S. USERS
To exercise your rights described above or get an answer to a question concerning the processing of your Personal Data, please submit a request by either:
Emailing us at privacy.releases@prm.com . Please note: this email address is not used for cooperation and marketing offers, such messages will be ignored by our request handling system.
Submitting a request through an online form here
Postal Address: Aleja Pokoju 18 (18 Pokoju Avenue), Krakow (31-564), Poland.
15. CHANGES TO THE PRIVACY POLICY
13.1 The Policy shall be reviewed on an ongoing basis and updated as necessary. The current version of the Policy was adopted and is effective as of 09.09.2024.