The Administrator of your personal data is Bookscout Ltd. with its registered office at ul. Lanca 2/5, 10-529 Olsztyn, registered in the entrepreneurs’ register maintained by the District Court in Olsztyn, 8th Commercial Department of the National Register Courthouse under the number KRS: 0000632723, TIN: PL7393979615, REGON: 524435910.
Respecting your rights as data subjects (individuals whose data is being processed) – pursuant to Art. 13 (1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR), the Act on the Protection of Personal Information (hereinafter referred to as the Act), and other relevant provisions on the protection of personal data, we are committed to maintaining the security and confidentiality of the personal data obtained from you. All employees have been properly trained in the processing of personal data, and our company, as a Personal Data Administrator, has implemented appropriate safeguards and technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, through which we ensure the legality and reliability of data processing, as well as the enforceability of any rights you have as a data subject. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, namely the President of the Personal Data Protection Office (hereinafter referred to as PUODO).
Any inquiries, requests, complaints regarding the processing of personal data by our company (the Personal Data Administrator), hereinafter referred to as Submissions, should be addressed to the following email address: firstname.lastname@example.org or in writing to the address of the Personal Data Administrator: ul. Lanca 2/5, 10-529 Olsztyn. The Submission should clearly indicate the following:
(a) The personal data of the individual(s) to whom the Submission relates,
b) The event that is the reason for the Submission,
c) Present your requests and their legal basis,
d) Specify the expected resolution of the matter.
In our website, we collect the following personal data: (a) First and last name – In order to use the Services of our Website, you will be asked to provide your first and last name so that we can provide the services and so that we can contact you. b) Phone number – There may be instances where we need to call you in case of unexpected events while offering the most beneficial solution. c) Address – It is necessary for the correct issuance of a VAT invoice in the case of those who use the Premium Account feature. d) Email address – We send service confirmations related to the services you will be using on our website via email, and we also contact you in case there is a need related to the processed order. If you have subscribed to our newsletter, we will also send you commercial information once or twice a month. e) Tax Identification Number – We collect the Tax Identification Number from businesses using the Premium Account. f) IP address of the device – Information such as IP addresses (and other information contained in system logs), resulting from general rules of Internet connections, is used by the administrator of the website for technical purposes. IP addresses may also be used for statistical purposes, including gathering general demographic information (e.g., the region from which the connection originates).
Providing the data indicated in the preceding paragraph is necessary in the following cases:
for the purpose of registering you in our database and creating an Account, which is voluntary; in this situation, we store the data you provide in our database in order to facilitate your use of the services of our Service; in this case, we do not collect your address, phone number and Tax Identification Number from you,
in order to use the Premium Account feature by business entities, which is voluntary,
in order to carry out the newsletter (subscription) service – if you wish to be informed about interesting events and commercial offers, you can become a subscriber to the newsletter we run; joining the subscription is voluntary and you can unsubscribe from it at any time. Subscribing to the newsletter does not require your address, telephone number or Tax ID number.
Your personal data is processed by our company as the Personal Data Administrator for the purpose of providing services offered within the scope of the website and mobile applications. In accordance with the principle of minimization, we process only those categories of personal data that are necessary to achieve the purposes referred to in the preceding sentence.
We process personal data for the time necessary to achieve the purposes listed in the preceding paragraph. Personal data may be processed for a period longer than that indicated in the preceding sentence, where such a right or obligation imposed on the Personal Data Administrator arises from specific legislation or where the service we provide is of a continuous nature (e.g., newsletter subscription).
The source of the Personal Data processed by the Administrator is the data subjects.
Your personal data shall not be transferred to third parties within the meaning of the provisions of the GDPR.
We do not share any personal data with third parties without the express consent of the data subject. Personal data without the consent of the data subject may be shared only with public law entities, i.e. authorities and administration (e.g., to tax authorities, law enforcement agencies and other entities authorized by generally applicable laws).
Personal data may be entrusted for processing to entities processing such data on behalf of our company as the Personal Data Administrator. In such a case, as the Personal Data Administrator, we enter into an entrustment agreement with the Processor for the processing of personal data. The Processor shall process the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to conduct our business on the Website or mobile applications. As a Personal Data Administrator, we entrust personal data for processing to entities providing services necessary for the ongoing operation of the Website.
Personal data is not subject to profiling by the Personal Data Administrator.
In accordance with the provisions of the GDPR, any person whose personal data we process as a Personal Data Administrator has the right to:
a) access to their personal data, as referred to in Art. 15 GDPR – when you provide us with personal data, you have the right to inspect and access it; however, this does not mean that you have the right to access all documents on which your data appears, as they may contain confidential information; you do, however, have the right to know what your data is and for what purpose we process it, and the right to obtain a copy of your personal data, with the first copy issued free of charge, and for each subsequent copy, in accordance with GDPR regulations, we charge an appropriate administrative fee corresponding to the cost of making the copy,
b) to correct, supplement, update, rectify personal data, as referred to in Art. 16 GDPR – if your personal data has changed, please inform us as the Personal Data Administrator of this fact, so that the data in our possession will be in accordance with the actual state and up-to-date; also, if there has been no change in personal data, but for any reason the data is incorrect or has been recorded incorrectly (e.g., due to a clerical error), please inform us in order to correct or rectify such data,
c) deletion of data (right to be forgotten), as referred to in Art. 17 GDPR – in other words, you have the right to request the ‘deletion’ of data held by us as Data Administrator, and the right to request that we, as Data Administrator, inform other administrators to whom we have provided your data of the need to delete it. You may request deletion of your personal data primarily when:
the purposes for which the personal data was collected have been achieved, e.g., we have fulfilled the sales contract concluded with you in full,
the basis for the processing of your personal data was solely consent, which was subsequently withdrawn and there are no other legal grounds for further processing of your personal data, e.g. if you unsubscribe from our newsletter and no longer use our company’s offerings in any other ways,
you have lodged an objection based on Art. 21 GDPR and you believe that we do not have any overriding legal grounds to continue processing your personal data,
your personal data has been processed unlawfully, i.e. for unlawful purposes or without any basis for processing your personal data – please note that in this case you must have a basis for your request,
the need to delete your personal data arises from the law,
you are a person under the age of 13,
d) limitation of processing, as referred to in Art. 18 GDPR – you can apply to our company with a request to restrict the processing of your personal data (which would consist in the fact that, until the dispute is resolved, our company would primarily only store it), if:
you question the accuracy of your personal data, or
you believe that we are processing your data without a legal basis, but at the same time you do not want us to delete the personal data (i.e., you do not exercise the right referred to in the preceding letter), or
you have filed an objection referred to in the letter f) of this clause, or
your personal data are needed to establish, assert or defend claims, e.g., before a court of law,
e) data portability, as referred to in Art. 20 GDPR – you have the right to obtain your data in a computer-readable format and the right to send such data in such format to another administrator; you have this right only if the basis for the processing of your data was consent or the data was processed by automated means,
f) to object to the processing of personal data, as referred to in Art. 21 GDPR – you have the right to object if you do not agree with our processing of your personal data that we have so far processed for legitimate purposes consistent with the law,
g) not to be subject to the proﬁling referred to in Article. 22 in connection. from Art. 4 point 4 of the GDPR – you will not be subjected to automated decision-making or profiling within the meaning of the GDPR in our Website, unless you consent to it; in addition, we will always inform you about profiling, should it take place,
h) lodge a complaint to the supervisory authority (i.e., the President of the Personal Data Protection Office) referred to in Art. 77 GDPR – if you believe that we are processing your personal data unlawfully or in any way violating your rights under generally applicable data protection laws.
With respect to the right to erasure (right to be forgotten), we point out that under the provisions of the GDPR, you do not have the right to exercise this right if:
a) the processing of your personal data is necessary to exercise your right to freedom of expression and information, e.g. if you have posted your data on a blog, in comments, etc,
b) the processing of personal data is necessary for our company to comply with legal obligations under the law – we cannot delete your data for the period of time necessary to comply with obligations (e.g., tax obligations) imposed on us by law,
c) the processing of your data is carried out for the purpose of investigating, establishing or defending claims.
If you wish to exercise your rights referred to in the preceding paragraph, please use the appropriate tabs on the Website, which allow you to delete your account and data collected on our Website, or send a message by e-mail to the following email address: email@example.com.
Each identified security breach shall be documented, and in the event of the occurrence of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and, if applicable, the PUODO shall be informed of such breach of data protection regulations.