The data controller for personal data collected through the website www.grandefinale.co.uk is Gabriela Myślak, conducting business under the name Grande Finale, with registered address at Jacka Malczewskiego 150, 80-112 Gdańsk, and correspondence address at Jacka Malczewskiego 150, 80-112 Gdańsk. The Tax Identification Number (NIP) is 5931625851, and the National Business Registry Number (REGON) is 191471850. The company is registered in the Central Register and Information on Economic Activity. The email address for contact is email@example.com. In the following text, Gabriela Myślak will be referred to as the “Controller.”
The personal data collected by the Controller through the website is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), commonly referred to as GDPR, as well as the Personal Data Protection Act of 10 May 2018.
Types of Personal Data Processed, Purpose, and Scope of Data Collection
Purpose of Processing and Legal Basis
The Controller processes personal data through the website www.grandefinale.co.uk for the following purposes, based on the legal grounds indicated:
The processing of personal data provided by the user through the contact form is based on art. 6 ust.1 lit. RODO, which refers to the legitimate interests pursued by the Controller.
The processing of personal data when a user subscribes to the Newsletter for the purpose of receiving commercial information electronically is based on the user’s explicit consent, in accordance with art.6 ust 1 lit a)RODO.
Types of Personal Data Processed: The Administrator processes the following categories of user’s personal data:
name and surname,
Data Retention Period: The Administrator stores personal data of users for the following period:
In the case where the legal basis for data processing is the performance of a contract, the personal data will be retained for as long as necessary to fulfill the contractual obligations. After that period, the data will be retained for a duration corresponding to the statute of limitations for potential claims. Unless specified otherwise by specific regulations, the general statute of limitations is six years, while for claims related to periodic services and business activities, it is three years.
In the case where the legal basis for data processing is consent, the personal data will be retained until the consent is withdrawn. After the withdrawal of consent, the data will be retained for a period corresponding to the statute of limitations for potential claims that can be raised by the Controller or against the Controller. Unless specified otherwise by specific regulations, the general statute of limitations is six years, while for claims related to periodic services and business activities, it is three years.
During the use of the website, additional information may be collected, including but not limited to: the IP address assigned to the user’s computer or the external IP address of the Internet service provider, domain name, browser type, access time, and operating system type.
Navigational data, including information about the links and references that users choose to click on or other actions taken on the website, may also be collected. The legal basis for such activities is the legitimate interest of the Controller, as stated in Article 6(1)(f) of the General Data Protection Regulation (GDPR). This legitimate interest is aimed at facilitating the use of electronically provided services and improving the functionality of these services.
Providing personal data by the user is voluntary.
Personal data will also be processed in an automated manner through profiling, provided that the user gives consent based on Article 6(1)(a) RODO). The consequence of profiling will be the creation of a profile assigned to a specific individual for the purpose of making decisions, conducting analysis, or predicting preferences, behaviors, and attitudes.
The Controller takes special care to protect the interests of the individuals whose data is processed, ensuring that the collected data is:
processed Lawfully and Transparently
The personal data is collected for specific, lawful purposes and is not subjected to further processing that is incompatible with those purposes.
The personal data is substantively accurate and relevant in relation to the purposes for which it is processed. It is stored in a form that allows the identification of the individuals to whom it pertains, for no longer than is necessary to achieve the processing purpose.
Sharing of Personal Data
The personal data of users is shared with service providers utilized by the Controller for the operation of the website. Depending on contractual agreements and circumstances, these service providers may either process the personal data on behalf of the Controller (as data processors) according to the Controller’s instructions regarding the purposes and methods of processing, or they independently determine the purposes and methods of processing as data controllers.
The personal data of users is stored exclusively within the European Economic Area (EEA).
If personal data is to be transferred outside the European Economic Area (EEA), it will only be done with your consent, based on standard contractual clauses or other safeguards provided for in the GDPR, including fulfilling the necessary information obligations. Your data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Right to Control, Access, and Rectify Personal Data
The person whose data is being processed has the right to access the content of their personal data and the right to rectify, erase, restrict the processing, and the right to data portability. They also have the right to object to the processing of their personal data and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The legal bases for user requests are as follows:
Right to Access: The right to access personal data is based on Article 15 of the General Data Protection Regulation (RODO).
The right to rectify personal data – art. 16 RODO.
The right to request the erasure of personal data – art. 17 RODO.
The right to restrict processing is based on – art. 18 RODO.
The right to data portability is based on> – art. 20 RODO.
The right to object – art. 21 RODO
The right to withdraw consent is based on – art. 7 ust. 3 RODO.
To exercise the rights mentioned in point 2, you can send a relevant email message to the following address: firstname.lastname@example.org.
If a user exercises their rights based on the aforementioned rights, the Controller will either fulfill the request or provide a refusal without undue delay, but no later than one month after receiving the request. However, if the request is complex or there are multiple requests, the Controller may require an additional two months to fulfill the request. In such cases, the user will be informed of the intended extension and the reasons for it within one month of receiving the initial request.
In the event that an individual finds that the processing of their personal data violates the provisions of theRODO, they have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
The Administrator’s website uses “cookies.”
The installation of “cookies” is necessary for the proper provision of services on the website. The “cookies” contain information that is necessary for the correct functioning of the website and also allow for the compilation of general statistics on website visits.
ChatGPT Within the website, two types of “cookies” are used: session cookies and persistent cookies.
“Session cookies” are temporary files that are stored on the user’s end device until they log out (leave the website).
Persistent cookies” are stored on the user’s end device for a specific period defined in the parameters of the “cookies” or until they are deleted by the user.
The Controller uses its own cookies to better understand user interaction with the website’s content. These cookies collect information about the user’s usage of the website, such as the type of page from which the user was redirected, the number of visits, and the duration of the user’s visit. This information does not record specific personal data of the user but is used to compile statistics on website usage.
The user has the right to decide on the access of “cookies” to their computer by making a prior selection in their browser settings. Detailed information on the options and methods for managing “cookies” can be found in the software settings of the internet browser.
The Controller implements technical and organizational measures to ensure the protection of processed personal data that is appropriate to the risks and categories of data being protected. In particular, the Controller safeguards the data against unauthorized access, unauthorized disclosure, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction.
The Controller provides appropriate technical measures to prevent unauthorized acquisition and modification of personal data transmitted electronically by unauthorized individuals.