Privacy policy - Sonarol

The confidentiality of data and the protection of our customers' privacy is our priority. Therefore, for the sake of security of your personal data stored in Sonarol sp.j. Najda, ul. Polna 27, 18-420 Jedwabne, a policy has been established that defines the rules on personal data processing method.

We process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”).

Personal Data Controller.

The controller of your personal data is "Sonarol" Sp.j. partnership seated in Jedwabne at the address 
ul. Polna 27, 18-420 Jedwabne (hereinafter referred to as the “Controller”).

The Controller has appointed a Data Protection Officer, who can be contacted by email: iod@sonarol.pl or by post by sending correspondence to: Sonarol Sp.j. Najda, ul. Polna 27, 18-420 Jedwabne (hereinafter referred to as the “Controller”).
Contacting the Controller.
In all matters related to the processing of personal data, you can contact the Controller at the above-mentioned registered office address or via email: iod@sonarol.pl  

Source of obtaining personal data.

Personal data is obtained directly from you or from third parties / entities, such as the entity on whose behalf you are acting or our Partners, as well as from other publicly available records. We also obtain information from completed contact forms or through cookies.

Scope of personal data processed.

When you contact the Controller using the website or contact information provided at the website, the Controller processes the data you provide in order to establish contact, including your name, e-mail address or telephone number, the content of the question you asked or the issue you raised, and possibly other data you provided. In connection with the use of cookies for statistical purposes, the Controller may process the following data: IP address, duration of a given session, frequency of site visits. 

Purpose and legal grounds for processing personal data.

 

Purpose of data processing	Legal grounds
Providing a response to the person or contacting back the person who made contact with the Controller.	Legitimate interest of the Controller - Article 6(1)(f) of GDPR.
Actions aiming at conclusion, as well as the actual conclusion and performance of the contract - in the even of you being a party to the contract.	Data processing being necessary for the conclusion and performance of the contract - Article 6(1)(b) of GDPR.
Providing the contact data necessary for the service and implementation of the contract entered into with the entity on whose behalf you are acting, and to maintain business relations.	Legitimate interest of the Controller - Article 6(1)(f) of GDPR.
Conduct activities that make up the streamlining and coordination of the Controller's work, including the recording of correspondence.	Legitimate interest of the Controller - Article 6(1)(f) of GDPR.
Handling of possible complaints, as well as the establishment, investigation and defence against claims.	Legitimate interest of the Controller - Article 6(1)(f) of GDPR.
Fulfilment of legal obligations imposed on the Controller, concerning, among other things, the maintenance of accounting and bookkeeping records, as well as the exercise of data subjects' rights.	Fulfilment of a legal obligation incumbent on the Controller - Article 6(1)(c) of GDPR.
Conducting direct marketing activities.	Legitimate interest of the Controller - Article 6(1)(f) of GDPR.
Conducting the recruitment process and selecting a suitable person for employment.	To the extent arising from Article 22(1) of the Labor Code, the legal grounds stem from the legal obligation incumbent on the Controller (Article 6(1)(c) of GDPR). This includes such data as name(s), date of birth and contact information indicated by the job candidate. When it is necessary for a performing certain type of work or on a certain position - this also applies to information about education, professional qualifications and the course of previous employment. The legal obligation incumbent on the Controller also includes the data, the provision of which is necessary to exercise a right or fulfil an obligation under the law. If a job candidate provides personal data in a scope broader than specified in provisions of the labour law, the legal grounds for their processing for the above purpose is the candidate's consent (Article 6(1)(a) of GDPR). This applies to any data provided by a job candidate in a resume (CV), cover letter or shared during interviews.
Gathering information about the site's traffic statistics.	Legitimate interest of the Controller - Article 6(1)(f) of GDPR
Implementation of people's requests, processing of requests for personal data.	Performance of the legal obligation to process your application (Article 6(1)(c) of GDPR).

Personal data profiling.

Your personal data will not be used for making automated decisions, including profiling.

Recipients of personal data.

The recipients of your personal data will be:

1. Controller's authorised personnel,
2. entities that process personal data on behalf of the Controller for the fulfilment of the purposes for which the data is collected (in particular, entities that provide IT solutions and IT and technical support services). These entities need to have access to the data to perform their duties. These entities will have access to personal data only to the extent necessary to conduct the tasks incumbent upon them.
3. public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for the purposes that result from the provisions of generally applicable law.

Period of storage of personal data.

The period of data processing is related to the purposes and grounds for processing, and therefore:

1. data processed on the basis of statutory requirements will be processed for the period of time for which the law prescribes the retention of the data;
2. data processed for the purpose of concluding and executing a contract will be processed for the period necessary for its execution and settlement, which may be extended, if applicable, by the limitation period for civil law claims.
3. data processed on the basis of the Controller's legitimate interest will be processed until an objection is successfully made or the interest ceases to exist, e.g. data processed for the purpose of asserting or defending against claims will be processed for a period equal to the limitation period for such claims.
4. data processed on the basis of consent will be processed until such consent is withdrawn.
5. personal data processed for recruitment purposes will be kept until the recruitment process in which you participate is completed. In the case of additionally expressed consent to use the data for future recruitment purposes, your data will be stored for a period of 9 months. 

Is it your obligation to provide your personal information?

Your provision of personal data is voluntary. However, it is necessary for the purpose you wish to fulfil, including, for example, the use of the service, the conclusion of a contract, or the response to your inquiry or an issue you raised.

The Controller indicates that the provision of personal data indicated in Article 22(1) of the Labour Code by the candidate is mandatory under the applicable labour laws. Their failure to do so will result in the inability to participate in the ongoing recruitment process. The candidate's provision of personal data beyond the scope of Article 22(1) of the Labour Code is voluntary. The Controller declares that the failure to provide such data cannot be the basis for unfavourable treatment of a person applying for employment, nor can it cause any negative consequences against them. In particular, it cannot be a reason justifying the refusal of employment.

Rights vested.

You are entitled to:

1. request access to your personal data, data rectification, data erasure or restriction of data processing, as well as the right to data portability,
2. where the basis for the processing of personal data is the legitimate interest of the Controller - the right to object at any time to the processing of personal data on grounds related to the particular situation of the person,
3. where the legitimate interest consists in conducting direct marketing activities - the right to object at any time to the processing of personal data for the purpose of conducting marketing activities, without having to justify your decision,
4. revoke consent at any time without affecting the lawfulness of the processing conducted on the basis of consent before its revocation,
5. lodge a complaint to the supervisory authority, i.e., the President of the Office for Personal Data Protection.

You can submit a request for the exercise of your rights to the contact data provided in the introduction.

COOKIES

What are cookies and what are they used for?

Cookies are files sent by a web server to your browser and stored on your computer. These cookies help us analyse web traffic and recognize which part of our website was visited. Our website also uses such files to be able to address each User individually, customizing activities for specific Users by collecting and remembering information about preferences and to enable account login. This information is used only for statistical data analysis. Then it is deleted from our systems.

Cookies do not allow us to access your computer or information about you except for information about how you use our Website and personal information you choose to share with us (including personal information you provide to us because of your browser settings).

In order to monitor and improve our website, we collect aggregate information about Users as they browse our pages, including details of the operating system, browser version, domain name, IP address, the URL from which Users enter our website and which pages of our websites they visit. We may keep general statistics, collect website traffic data and information about related websites and share this aggregate data with third parties for marketing, advertising or other promotional purposes, but this aggregate data does not contain any personal information. For the same reasons, we may collect information about how Users use the Internet through the use of cookies stored on your computer's hard drive. Cookies contain information that is transferred to the User’s computer hard drive. This helps us to improve our Website and offer better and more personalized services.

What kind of cookies do we use?

We use the following cookies:

Essential cookies.

Cookies of this type are necessary to navigate and use our website, providing, for example, access to secure areas of the site.

Statistical cookies.

Cookies of this type help website owners understand how different users behave on the site by collecting and reporting anonymous information.

Preferential (functional) cookies. 

Cookies of this type help us improve the effectiveness of our marketing activities and adapt them to your needs and preferences, e.g. by remembering any choices you make on the website pages. 

Marketing cookies.

Marketing cookies are used to track users on websites. Their goal is to display ads that are relevant and interesting to individual users and thus more valuable to third-party publishers and advertisers.

 

Cookie name	Domain	Validity period	Category	Description
_GRECAPTCHA	www.google.com	180 days	Functional	Ensuring protection against spam.
cookies_informer	sonarol.pl	365 days	Essential	Support for displaying a cookie message.
sonarol_session	sonarol.pl	2h	Essential	User Session ID.
XSRF-TOKEN	sonarol.pl	2h	Essential	Security against XSRF attacks.
_ga	.sonarol.pl	400 days	Analytics	ID used for identifying users.
_gid	.sonarol.pl	1 day	Analytics	ID used for identifying users up to 24 hours after last activity.
_fbp	.sonarol.pl	90 days	Marketing	Recording and tracking user visits to sites.
_gat_gtag_UA_141125829_1	.sonarol.pl	1 minute	Analytics	Used for setting and retrieving tracking data.
_ga_K717J70R3V	.sonarol.pl	400 days	Analytics	ID used for identifying users.
SSID	.google.pl and google.com	400 days	Marketing	Downloads specific Google tools and saves settings, such as the number of results per page or activation of the SafeSearch filter. Customizes the ads displayed in Google search.
__Secure-1PAPISID	.google.pl and google.com	400 days	Marketing	Used for creating a user profile and displaying personalized Google ads.
__Secure-3PAPISID	.google.pl and google.com	400 days	Marketing	Profiling site visitors to deliver personalized ads through retargeting.
APISID	.google.pl and google.com	400 days	Marketing	Downloads specific Google tools and saves settings, such as the number of results per page or activation of the SafeSearch filter. Customizes the ads displayed in Google search.
HSID	.google.pl and google.com	400 days	Marketing	Downloads specific Google tools and saves settings, such as the number of results per page or activation of the SafeSearch filter. Customizes the ads displayed in Google search.
__Secure-1PSID	.google.pl and google.com	400 days	Marketing	Used for creating a user profile and displaying personalized Google ads.
SAPISID	.google.pl and google.com	400 days	Marketing	Downloads specific Google tools and saves settings, such as the number of results per page or activation of the SafeSearch filter. Customizes the ads displayed in Google search.
SID	.google.pl and google.com	400 days	Marketing	Downloads specific Google tools and saves settings, such as the number of results per page or activation of the SafeSearch filter. Customizes the ads displayed in Google search.
__Secure-3PSID	.google.pl and google.com	400 days	Marketing	Profiling site visitors to deliver personalized ads through retargeting.
NID	.google.pl and google.com	183 days	Marketing	A cookie used for collecting statistics, tracking conversions and personalising Google ads.
1P_JAR	.google.com	30 days	Marketing	Cookies set by YouTube video players embedded in the page. They record anonymous statistical data.
CONSENT	.google.com	400 days	Functional	Storage of consent information.
NID	.google.com	183 days	Marketing	Profiling site visitors to deliver personalized ads through retargeting.
SOCS	.google.com	395 days	Functional	Stores the user's cookie-related choices.
xs	.facebook.com	365 days	Marketing	Used along with the c_user cookie for authenticating a Facebook user.
datr	.facebook.com	400 days	Marketing	Used for preventing the creation of fake/spam accounts. The cookie is linked to the browser and not individual users.
c_user	.facebook.com	365 days	Marketing	Used in conjunction with the xs cookie for authenticating a Facebook user.
sb	.facebook.com	400 days	Marketing	Used for browser identification, authentication, marketing and other Facebook functions.
oo	.facebook.com	400 days	Marketing	Cookie optout for ads.
AEC	google.com	180 days	Functional	A cookie used for ensuring that requests made in a session are made by the user and not other parties. The cookie stops malicious sites from performing actions without the user's knowledge.
__Secure-ENID	google.com	396 days	Marketing	Used for securing digitally signed and encrypted data from Google's unique identifier and storing the last login time, which Google uses in order to identify visitors, prevent fraudulent use of login data and protect visitor data from unauthorized parties. It can also be used for targeting purposes to display relevant and personalized advertising content.
IDE	.doubleclick.net	390 days	Marketing	A cookie used in order to target, analyse and optimize campaigns in DoubleClick/Google Marketing Suite.
DV	google.com	1 hour	Marketing	A cookie used for collecting statistics, tracking conversions and personalising Google ads.
OGPC	google.com	30 days	Marketing	A cookie used by Google for storing your preferences when you browse Google's mapped pages.
SIDCC	google.com	365 days	Marketing	Downloads specific Google tools and saves settings, such as the number of results per page or activation of the SafeSearch filter. Customizes the ads displayed in Google search.
__Secure-1PSIDCC	google.com	365 days	Marketing	Used for creating a user profile and displaying personalized Google ads.
__Secure-1PSIDTS	google.com	365 days	Marketing	Used for creating a user profile and displaying personalized Google ads.
__Secure-3PSIDCC	google.com	365 days	Marketing	Used for creating a user profile and displaying personalized Google ads.
__Secure-3PSIDTS	google.com	365 days	Marketing	Used for creating a user profile and displaying personalized Google ads.
presence	facebook.com	Session	Functional	Stores the user's chat status.
wd	facebook.com	7 days	Functional	Stores the dimensions of the browser window and is used by Facebook to optimize the display of the page.

Analytics and marketing tools used by us and our trusted partners.

Please note that third parties (including Facebook, Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereafter referred to as Facebook, and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereafter referred to as Google), may use cookies and similar technologies to collect or receive information from the Website or Application and other places on the Internet and use them to provide measurement services and ad targeting. By managing your cookie settings, you can choose whether you consent to the collection and use of information for ad targeting.

Google Analytics.

The Website uses Google Analytics, which is an online web statistics and web analytics tool that gives insight into the Website's data traffic, provided by Google. We use this tool to create statistics for the purpose of adapting the content of our web pages to Users' preferences and continuously optimising them.

You can prevent the installation of cookies by using the appropriate setting of your Internet browser. You can also prevent Google from collecting data collected through cookies and about your use of the Website by installing a plugin for your browser than blocks embedding of Google Analytics scripts, which is available here. You can find more information about Google Analytics here.

Due to the use of the Google Analytics tool, personal data obtained in connection with the use of the website may be transferred outside the European Economic Area. The transfer of personal data in such a case is based on the standard contractual clauses concluded by the Controller with the tool provider. We encourage you to read the contents of the agreement on the processing of personal data, including the content of the standard contractual clauses constituting a part of it.

Information on how Google uses the data collected when you use its partners' sites and applications is available here.

Facebook's business tools.

In connection with the use of Facebook's business tools, we and Facebook serve as joint controllers within the meaning of Article 26(1) of GDPR, based on agreements between the joint controllers entered into for the purpose of defining the respective responsibilities within the scope of ensuring compliance with the obligations under GDPR. In accordance with these arrangements, we are responsible for providing you with the following information:

The use of business tools constitutes pursuit of the legitimate interests of the Controller and our trusted partners (Article 6(1)(f) of the RODO), consisting in conducting marketing activities (behavioural advertising) and measuring the effectiveness of advertisements.

For more information on data processing, see Facebook's Data Policy (including information that Facebook is a Joint Controller, information required by Article 13(1)(a) and (b) of GDPR, information on how Facebook processes data, the legal grounds, and how to enforce data subjects' rights against Facebook) at this link: https://www.facebook.com/about/privacy.

Facebook is responsible for ensuring that the rights of data subjects are enforced in accordance with Articles 15-20 of GDPR with respect to personal data stored by Facebook after joint processing.

Facebook also acts as our processor and may transfer personal data outside the European Economic Area. The transfer of personal data may take place on the basis of an adequacy decision (regarding appropriate degree of protection) taken by the European Commission or on the basis of standard contractual clauses in accordance with the European Commission's decision, or on the basis of your explicit consent.

In connection with the transfer of data to the United States, the Controller has taken care to use only suppliers that provide guarantees of a high degree of protection of personal data. These guarantees derive, in particular, from suppliers' participation in the   "EU-US Data Privacy Framework" program, established under the Commission (EU) Decision of 10th July 2023, stating that an adequate level of personal data protection is provided by the so-called "EU-US Data Privacy Framework."

You can manage your privacy settings from your Facebook account.

Facebook Pixel.

This is an analytics tool available within Facebook that helps measure the effectiveness of ads based on analysis of Users' actions on the Service, provided by Facebook, Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), as well as enabling Facebook to target personalized ads to you. This tool collects information about your use of the Site, which is then transmitted to Facebook's servers. Keep in mind that Facebook may combine it with other information it has acquired in connection with your use of Facebook and then use it for its own purposes (including marketing).

Other information.

Our website will display a message before information in the form of cookies is stored on your computer. Pop-ups or banners are also used to enable you to manage cookies.  You can manage your cookie settings through your browser (which allows you to disable the acceptance of all or some cookies). The browser may request confirmation of the change in settings. Please note that if you enable the blocking of all cookies, you may not be able to access certain parts of our Website. Please note that third parties may also use cookies to analyse how you use their websites, over which we have no influence.

How can we regulate the essence of cookies ourselves while browsing the site?

1. Google Chrome - click on the menu and select the Settings tab => Show advanced settings. In the "Privacy" section, click the Content Settings button. In the "Cookies" section, you can change the following cookie settings:
   - deletion of cookies
   - blocking cookies by default
   - allowing cookies by default
   - default retention of cookies and page data until the browser is closed. 
2. Internet Explorer - from the browser menu, select: Tools => Internet Options => Privacy, Websites button. Use the slider to set the level, then confirm the change with the OK button. 
3. Mozilla FireFox - from the browser menu, select: Tools => Options => Privacy. Activate the field saying that the Firefox software: "will use user settings." The matter of cookies is decided by checking (clicking) - or not - the ‘Accept cookies’ item.
4.  Opera - from the browser menu, select: Tool => Preferences => Advanced. The matter of cookies is decided by checking (clicking) - or not - the ‘Cookies’ item.

Social plugins.

The Websites use so-called social plug-ins that redirect to the Controller's profiles maintained on social networks: Facebook, YouTube, LinkedIn, Instagram. With the help of the functionality offered by these plugins, Users can make particular content available or share it on social media. We would like to point out, however, that by using these plug-ins, there is an exchange of data between the User and the social network or website in question. The Controller does not process this data and has no knowledge of what User data is collected. Therefore, we encourage you to read the terms of service and privacy policies of these social networks before using a particular plug-in.

Security.

We protect your personal data from unauthorized access by unauthorized persons, acquisition of data by unauthorized persons, destruction, loss, damage or alteration, and processing of personal data in a manner inconsistent with the provisions of GDPR.

In order to secure the data, we use technical and organizational measures that meet the requirements of GDPR, in particular the measures listed in Article 24 and Article 32 of GDPR, ensuring the confidentiality, integrity and availability of the processing services for the personal data provided.

Our affiliates, our trusted partners and third-party service providers have committed to processing data in accordance with the security and privacy requirements we have adopted.

Policy Changes.

We review the Policy on a regular basis and therefore reserve the right to update the Policy. If you perceive that the content of the Policy needs to be updated, please let us know.

Date of last update of the Policy: 28th September 2023