I. GENERAL INFORMATION
2. This document is addressed to all persons who visit the nova-poshta.pl website, contact the Personal Data Administrator (by phone, e-mail or letter), who are employees, associates or representatives of the Personal Data Administrator's contractors (hereinafter: "Users").
3. Users can contact the Administrator in the following way:
A. by letter to the following address: 37/2.43 Domaniewskast., 02-672 Warsaw;
B. via e-mail: firstname.lastname@example.org ;
C. by phone: +48696060790
4. Personal data is any information relating to an identified or identifiable natural person. The scope of this type of data includes, among others, name, surname, address, telephone number and e-mail address. Information that cannot be traced back to an identified or identifiable person (such as statistical data) is not considered personal data.
II. APPLICABLE LAW ON PERSONAL DATA PROTECTION AND CONFIDENTIALITY OBLIGATION.
1. NEW POST INTERNATIONAL POLAND is subject to the provisions of Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC as well as other relevant national data protection legislation.
2. NEW POST INTERNATIONAL provides postal services, which is why it is obliged to observe the confidentiality of correspondence and ensure the security of shipments, in accordance with the provisions of the Postal Law.
III. INFORMATION PROTECTION
1. NEW POST INTERNATIONAL POLAND, by applying appropriate technical and organizational measures, makes every effort to protect personal data against loss or improper use.
2. All notifications regarding the protection of personal data are registered and explained in detail and analyzed in accordance with applicable law.
IV. RIGHTS OF DATA SUBJECTS
1. The data subject has the right to:
B. receive the information and have an access to data concerning him/her (the right of access by the data subject under art. 15 GDPR);
C. rectify his/her personal data that are incorrect and update his/her data (the right to rectify data, Article 16 GDPR);
D. request the deletion of his/her personal data (the right to delete data under art. 17 GDPR);
E. requests to cease processing (the right to limit processing under art. 18 GDPR);
F. request the transfer of data to another administrator (the right to transfer data under art. 20 GDPR);
G. objecting to the processing of his/her personal data (the right to object under art. 21 GDPR).
V. WITHDRAWAL OF CONSENT TO THE PROCESSING OF PERSONAL DATA AND MECHANISM OF WITHDRAWAL OF CONSENT
1. In the case the basis for data processing is the consent of the data subject, we inform you that this person has the right to withdraw consent at any time. The declaration of withdrawal of consent is made by providing the Administrator by e-mail or postal delivery, in accordance with the data provided, a statement in this regard.
2. Receiving of such a declaration does not affect the lawfulness of the prior processing of personal data.
3. Withdrawal of consent to the processing of personal data is ineffective to the extent necessary for the proper provision of services or provisions of an ongoing contract, including complaint proceedings. In this case, the withdrawal of the above-mentioned consent becomes effective upon resignation from services, termination of the contract or complaint process.
4. Despite the effective withdrawal of consent to the processing of data, the Administrator is entitled to process them to the extent necessary for:
A. pursuing claims related to the concluded contract;
B. fulfillment of the legal obligation incumbent on the Administrator;
C. performance of a task realized in the public interest or in the exercise of public authority vested in the administrator;
D. purposes resulting from legitimate interests realized by the administrator or by a third party, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject.
VI. IMPLEMENTATION OF RIGHTS ARISING FROM GDPR
In connection with the submitted declaration of withdrawal of consent to data processing, for the purpose of identifying the person submitting the declaration and in order to protect against unauthorized access to data, NEW POST INTERNATIONAL POLAND is entitled to obtain additional confirmation of the identity of the person submitting such a declaration.
VII. PERSONAL DATA CATEGORIES. PURPOSES OF THEIR PROCESSING AND LEGAL BASIS
1. In order to provide the Services and fulfill the Agreement with its Clients (Senders, Addressees) [Pursuant to art. 6 p. 1b) GDPR] NEW POST INTERNATIONAL POLAND processes as the Administrator the necessary data, such as:
A. Client's data (registration data, data of contact persons on the customer's side, i. e. name, surname, position, telephone number, signature, e-mail address, job position);
B. Sender's data (sending address and necessary contact details, signature, payment information and other data needed to perform the service ordered by the sender);
C. data of the Addressee (name and surname, signature, address, zip code, city, country, and optionally other data necessary for the realization provided to the data administrator by the sender of the shipment or indicated by himself the Addressee, such as e-mail address, telephone number).
2. Providing personal data is voluntary, but it is necessary for the performance of the Services provided by NEW POST INTERNATIONAL POLAND. If the Sender provides additional personal data of the Addressee, in connection with the selection of one of the Additional Services, the Sender is responsible for the correct collection of this data, in particular for having the Addressee's consent for their transfer to NEW POST INTERNATIONAL POLAND.
3. In some cases, the data is also processed:
A. on the basis of consent [Pursuant to Article 6 p. 1 a) and art. 7 GDPR] - in particular for marketing purposes or in relation to data provided voluntarily by the Addressee in connection with the delivery of the parcel
B. and the legitimate interests of the administrator [Pursuant to ART. 6 p. 1 f) GDPR] - in particular, such as: solvency control, compliance programs or sanctions, satisfaction surveys with the services provided (as well as to analyze the results of surveys completed as part of this survey and the possibility of return contact with the person providing the answer).
4. NEW POST INTERNATIONAL POLAND, as a registered postal operator, also processes personal data in order to fulfill its legal obligations [Pursuant to art. 6 p. 1c) GDPR], resulting in particular from the Postal Law and the Accounting Act (such as: proper settlement of the provided Service, consideration of complaints).
5. Using the NEW POST INTERNATIONAL POLAND website may involve the processing of personal data for the following purposes:
A. Placing an order and activities aimed at its implementation;
B. Shipments tracking [Pursuant to art. 6 p. 1b) GDPR] - the Parcel number is required to provide information about the status of the parcel.
C. Contact via the contact form [Pursuant to art. 6 p. 1f) GDPR] - data sent via the contact form, such as: name and surname, address, postal code, city, e-mail address) are required to process and answer the inquiry; [Pursuant to art. 6 p. 1a) GDPR] consent to the processing of data such
as: e-mail address, telephone number is required for contact in order to present a commercial offer.
D. Contact with a consultant via chat [Pursuant to art. 6 p. 1f) GDPR] - data sent during the conversation with the consultant, such as e-mail address, first and last name, address, postal code, city, are processed in order to verify the question asked and answer the question.
E. Parcel redirection [Pursuant to art. 6 p. 1b) GDPR] - via the NEW POST INTERNATIONAL POLAND website, the Addressee has the option to change the delivery address if he or she cannot collect the parcel in person. For this purpose, we collect the following personal data:
1.a. name and surname of the Addressee or company name;
1.b. street / house number;
1.c. zip code / place of residence;
1.d. e-mail address and description of the desired location.
VIII. SHARING OF DATA BY NEW POST INTERNATIONAL POLAND
1. NEW POST INTERNATIONAL POLAND may provide personal data:
A. to subsidiaries of NEW POST INTERNATIONAL POLAND and subcontractors (e. g. transport partners, operating parcel collection points or parcel lockers) within the European Union or outside it for the purpose of delivering parcels from the sender to the Addressee [Pursuant to art. 49 p. 1b) respectively c) GDPR];
B. entities that are subject to a contract for the provision of services for NEW POST INTERNATIONAL POLAND or on behalf of NEW POST INTERNATIONAL POLAND (Processors), in particular an IT service providers;
C. other persons or organizations based on applicable law;
D. banks and payment operators in order to perform the transaction (payments made using the BLIK code are handled by Krajowy Integrator Płatności Spółka Akcyjna with its registered office in Poznań 73/6, St. Marcin st. 61-808 Poznań);
E. law enforcement officers and authorities to comply with national security requirements or as part of a legal process to protect property, or to pursue an investigation of a violation of NEW POST INTERNATIONAL POLAND principles and policies, unauthorized access or use of NEW POST INTERNATIONAL POLAND equipment, or any other illegal activity.
2. Only the Sender and the Addressee have the right to receive information about the shipment. NEW POST INTERNATIONAL POLAND may provide such information to other entities only in situations specified in the relevant provisions of law, in particular in the Postal Law.
IX. STORAGE PERIOD AND DATA DELETION
1. NEW POST INTERNATIONAL POLAND processes personal data only for the time necessary to achieve the purpose for which they were collected. The period of data storage is determined based on the following requirements:
A. operational requirements: the period in which the information is necessary to perform the provided Services;
B. legal requirements: the period in which NEW POST INTERNATIONAL POLAND is required to store data for a specified period of time to comply with the law;
C. legitimate interests of NEW POST INTERNATIONAL POLAND: the period in which data is processed for the purpose of their implementation, in particular to establish and pursue possible claims in connection with the Services provided.
2. Archived data is available only to authorized employees. After the expiry of the period authorizing data storage, they are permanently deleted.
X.TRANSMISSION OF PERSONAL DATA TO COUNTRIES WHICH ARE NOT MEMBERS OF THE EUROPEAN ECONOMIC AREA
1. Personal data is transferred to third countries in the event that the services provided by NEW POST INTERNATIONAL POLAND are also to be performed in the territory of a third country. Such a situation occurs in particular when sending a parcel via NEW POST INTERNATIONAL POLAND takes place to a country that is not a member of the European Economic Area. Personal data may also be transferred to NEW POST INTERNATIONAL POLAND subcontractors (e. g. entities that deliver the parcel in the territory of a third country) and entities providing NEW POST INTERNATIONAL POLAND tax, legal, audit and billing consultancy, if they operate in a third country.
2. NEW POST INTERNATIONAL POLAND does not transfer personal data to international organizations.
3. NEW POST INTERNATIONAL POLAND does not transfer personal data to third countries if it is impossible or would be inconsistent with generally applicable law.
4. The level of protection of Personal Data outside the European Economic Area ("EEA") is not the same as the level provided by European law. Therefore, NEW POST INTERNATIONAL POLAND transfers personal data outside the EEA only when it is necessary, while ensuring an adequate level of data protection, mainly through:
A. cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
B. use of standard contractual clauses issued by the European Commission, provided that an adequate level of personal data protection is ensured;
5. In the event of a justified intention to transfer personal data outside the EEA, other than the one indicated above, NEW POST INTERNATIONAL POLAND will inform about this fact at the appropriate stage of data processing, in accordance with applicable law.
XI.INFORMATION ON DATA COLLECTED THROUGH THE NEW POST INTERNATIONAL POLAND WEBSITE
1. Event log and cookies. Each time a user accesses the NEW POST INTERNATIONAL POLAND website, the data is saved in a log file. The scope of temporarily stored data includes:
A. the IP number of the computer from which the query was received;
B. domain name;
C. date and time of access;
D. http response code;
E. visited pages;
F. name and version of the operating system;
G. browser name and version;
H. screen resolution.
1. Cookies are internet data, in particular text files, which are stored on the end device (computer, mobile phone, tablet) of the User. First of all, they contain the name of the website of their origin, their unique number, and the storage time on the end device. Cookies are used to provide the Administrator with statistical information on Users' traffic, Users' activity and the manner of using the Service. They allow the content and services to be adjusted to the User's preferences.
A. The cookie mechanism is not used to obtain any information about Users, except for information about their behavior on the Service pages.
B. The Administrator stores cookies on Users' computers in order to:
1.a. proper adjustment of the Service to the needs of Users and optimization of the use of websites;
1.b. remembering the preferences and individual settings of the User, recognizing the User's device and properly displaying the website tailored to his needs (full version, mobile version of the website);
1.c. creating Website viewing statistics that help to understand how Users use websites, which allows improving their structure and content;
1.d. maintaining the User's session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;
1.e. saving the cart data in the online store in order not to lose them after visiting the Service again.
3. The Service uses two basic types of cookies:
A. "session cookies" and
B. "persistent cookies".
4. Session cookies are temporary files that are stored on the User's end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the User's end device for the time specified in the cookie file parameters or until they are deleted by the User.
5. The following types of cookies are used as part of the Service:
A. "necessary" cookies, enabling the use of services available on the Website, e. g. authentication cookies used for services that require authentication on the Website;
B. cookies used to ensure security, e. g. used to detect fraud in the field of authentication on the Website;
C. "performance" cookies, enabling the collection of information on the use of the website pages;
D. "functional" cookies, enabling "remembering" the settings selected by the User and personalizing the User's interface, e. g. in terms of the selected language or region of the User's origin, font size, website appearance, etc.
XIII. BLOCKING THE ACTION OF COOKIES
1. In many cases, web browsers allow cookies to be stored on the User's end device by default. Website Users can change cookie settings at any time, e. g. in such a way as to block the automatic handling of cookies or inform about their every posting on the Website User's device. Detailed information on the possibilities and methods of handling cookies is available in the browser settings or on the following websites:
A. in the Internet Explorer browser;
B. in the Mozilla Firefox browser;
C. in the Chrome browser;
D. in the Safari browser;
E. in the Opera browser;