Privacy Policy
General information.
This document is our general declaration regarding the applied principles related to the processing of your personal data and the protection of fundamental rights and freedoms resulting from the provisions of applicable law. This document also describes the ways of exercising these rights and our obligations resulting from the processing of personal data.
Information about Controller.
The Controller is Oceanic sp. z o.o. with its registered office in Sopot, Łokietka 58, 81-736 Sopot, Poland. You can contact us by sending appropriately addressed written correspondence to the address of our registered office or by sending an e-mail to oceanic@oceanic.com.pl address or by sending an inquiry in the contact form available on the website at https://www.oceanic.com.pl/en/contact/.
Information about Data Protection Officer.
Our Data Protection Officer is Łukasz Kołodziejczyk. Regarding issues related to the processing of personal data, you can contact our Data Protection Officer by sending an e-mail to iod@oceanic.com.pl address or by sending appropriately addressed correspondence to the address of our registered office.
Information about purposes of the personal data processing.
Personal data that we collect and process as part of our business may be processed for various purposes strictly defined by us.
The purposes of personal data processing can be adapted and presented within a specific process or business context related to the activities carried out by us.
More detailed information on this subject can be found in the relevant documents and Information Clauses, which we place on our websites or make available directly each time in the process of obtaining personal data.
Information about how we process your personal data.
We process personal data manually, by authorized persons and in a partially or fully automated manner with the use of computer IT systems.
The use of appropriate techniques and means of personal data processing depends on the requirements and possibilities of the way the data processing is carried out.
Personal data collected directly.
We collect personal data directly mainly through the process of collecting documents, sending electronic forms, forwarding e-mails or written correspondence. The personal data collected in this way primarily includes the data declared by the data subject.
Personal data obtained indirectly.
We obtain personal data indirectly mainly when you use our websites. In this way, we primarily obtain data provided by the web browser or the device you use to connect to the Internet. This data primarily relates to the way our websites are used and is used to monitor interest in our products and offers, to improve the solutions used or to adjust the content and offers of products and services. This information may include your Internet access IP address, your browser type, your operating system, the length of time you spend on our websites, and the offers you view and select.
Information about the legal bases for processing your personal data.
The legal bases for the processing of personal data are always linked to and adapted to the purposes of the data processing. Each time we collect personal data, we will indicate the purposes of personal data processing that we intend to implement and the related legal basis.
Personal data may be processed by us primarily based on the consent granted, in connection with taking actions aimed at concluding a contract, in connection with the performance of a contract, in connection with the performance of obligations resulting from the provisions of law or based on a legitimate interest.
More detailed information on this subject can be found in the relevant documents and information clauses that we place on our websites or make available directly each time in the process of obtaining personal data.
Information about the period of personal data processing.
The period of personal data processing results from the purpose for which the data was collected and for which it is processed, as well as from the legal basis for their processing.
Personal data processed based on the consent are processed by us until the consent is withdrawn or an objection is raised to further processing, and after this period they are deleted or anonymized.
Personal data processed in connection with the implementation of activities aimed at concluding a contract are processed by us for the period of conducting these activities or until an objection to further data processing is filed and accepted, and after this period only to the extent necessary to meet the obligations resulting from the provisions of law and in connection with possible claims or defense against claims. and after this period, they are deleted or anonymized.
Personal data processed in connection with the performance of the contract are processed by us for the duration of the contract to the extent necessary for its proper performance, and after this period only to the extent necessary to meet the obligations resulting from the provisions of law and in connection with possible claims or defense against claims. and after this period, they are deleted or anonymized.
Personal data processed in connection with the performance of obligations resulting from the provisions of applicable law are processed by us for the period indicated or resulting from these provisions of law to the extent necessary for their proper implementation, and after this period they are deleted or anonymized.
Personal data processed in connection with the implementation of our legitimate interest are processed by us for the period necessary to achieve a specific purpose or until an objection to such data processing is filed and accepted, and after this period they are deleted or anonymized.
More detailed information on this subject can be found in the relevant documents and information clauses that we place on our websites or make available directly each time in the process of obtaining personal data.
Information about the recipients of personal data.
Personal data is made available primarily to our employees in accordance with the rights and authorizations they must ensure the proper handling of the data processing processes carried out and in the necessary time and scope.
Our employees have been trained in the applicable rules for the processing of personal data and the applicable laws on the principles of processing and protection of personal data and have been obliged to keep this information confidential.
In justified cases, personal data may also be made available to trusted cooperating entities, only for the purposes and to the extent necessary to fulfil the obligations or rights of the Personal Data Controller.
Personal data may also be made available to our Data Protection Officer in situations where it is necessary to perform the tasks of the Data Protection Officer provided for in the provisions of law and internal procedures.
More detailed information on this subject can be found in the relevant documents and information clauses that we place on our websites or make available directly each time in the process of obtaining personal data.
Information on the exercise of the data subject’s rights.
Request the exercise of your data subject rights.
We ensure that all possible and available technical and organizational measures are available to ensure that data subjects can exercise their rights without hindrance. Therefore, please send all notifications and requests regarding the exercise of the rights of data subjects under the law in writing to the address of our registered office or by sending an e-mail to the oceanic@oceanic.com.pl address or by sending the content of the letter in the contact form available on the website at https://www.oceanic.com.pl/kontakt/.
In justified cases, due to the correct identification of a person, we may ask you to provide additional information or provide the necessary documents confirming your identity.
Any requests related to the exercise of your rights should be submitted directly to the Controller, in a situation where we process your personal data as a Processor, i.e. at the request of another Controller, we will provide you with appropriate information in this regard.
The right to freely give or withdraw consent to the processing of data.
You have the right to freely express or withdraw your consent to the processing of your personal data. If your personal data is processed based on your consent, we will provide you with the possibility to withdraw it at any time automatically using the mechanisms provided or manually based on an appropriate request sent to us in accordance with the indicated communication rules.
Your personal data may also be processed by us based on a legally justified purpose, which is, among others, marketing of our own products and services. In this case, we also give you the opportunity to object to such data processing.
The withdrawal of consent will have immediate effect from the moment of this action and will not affect the processing of data that took place before its withdrawal.
Withdrawal of consent does not entail any negative consequences for you, but it may prevent you from further use of the Services or our websites in the manner specified by us.
The right to access your personal data.
We ensure the right to access the personal data processed. We exercise this right primarily by means of electronic communication, providing you with information on what data we currently have on request.
You may also receive copies of the information we hold from us. In this case, we will provide you with a copy of the personal data you have provided in a structured, commonly used, machine-readable format. We do not charge a fee for preparing, processing, and issuing the first copy of the data.
For subsequent requests, we may charge you a fee based on the costs of preparing, processing, and providing this data. In this case, we will inform you of the amount of the fee before the next copy of the data is processed.
The right to rectification of personal data.
You have the right to rectify (correct) your personal data. We exercise this right primarily by means of electronic communication, enabling you to provide information about changes in your personal data. If this is not possible, you have the right to demand that we immediately correct, supplement, or delete the data.
The right to erasure of your personal data.
You have the right to request the erasure of your personal data. We exercise this right based on an explicit request for deletion of the data. A request to delete your personal information may result in the cessation of providing the service or using the services and tools we have provided or the services of our trusted partners.
You can exercise your right to erasure if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent to the processing of data on which the processing is based and there is no other legal basis for further processing;
- the personal data has been unlawfully processed;
- personal data must be erased to comply with a legal obligation under European Union law or European Union Member State law.
However, the exercise of the right to request the deletion of personal data may be limited if the processing is necessary for us to comply with an obligation under the law or to establish, pursue or defend claims.
The right to restrict the processing of your personal data.
You have the right to demand the restriction of the processing of your personal data. We exercise this right on the basis of an explicit request to restrict processing with justification.
- if you question the correctness of the personal data provided – for a period allowing to verify the correctness of the questioned data;
- the processing of your personal data is unlawful, but you oppose the erasure of your personal data;
- the personal data we process are no longer necessary to achieve the purpose for which we processed them, but they are needed by you to establish, pursue or defend against claims;
- you object to the processing of your personal data due to a special situation that has been indicated in the provisions on the protection of personal data.
The right to object to the processing of your personal data.
You have the right to object to the processing of your personal data. We exercise this right based on a clear objection to the processing of your data submitted to us.
You can exercise your right to object to the processing of your personal data in a situation where this processing is carried out in connection with the implementation of our legitimate interest – e.g. marketing of our own products and services.
The right to data portability.
You have the right to request the transfer of your personal data to another personal data controller. However, for security reasons and in the absence of standards related to data portability, we will not always be able to comply with such a request. However, it is our policy that you may receive a copy of your personal data from us.
The right to lodge a complaint with a supervisory authority.
You have the right to lodge a complaint related to the processing of your personal data at any time to the supervisory authority, i.e. to the President of the Office for Personal Data Protection.
We respect your privacy and guarantee you the opportunity to exercise your rights under the law regarding the processing of personal data. To avoid unnecessary disputes, we encourage you to contact our Data Protection Officer directly before filing such a complaint to resolve any disputes.
Restrictions related to the exercise of the rights of the subject of personal data.
The above-mentioned rights and the manner of exercising them may be subject to limitations in justified cases. Such a situation will occur if the restriction results from the obligations indicated in the provisions of law that we are obliged to apply. In this case, we will provide you with the relevant information along with the justification for our decision.
Information about the obligation to provide data.
Providing personal data may be necessary for the proper performance of a specific action, the proper provision of services or the implementation of a request or notification and the fulfillment of obligations under the provisions of applicable law.
By applying the principle of minimization, we do not collect more data than is necessary for their implementation. Each time the provision of additional personal data is necessary for the implementation of a specific purpose, you will receive the relevant information from us directly or this information will be made available in the appropriate information clause.
Failure to provide the required information may result in the limitation or cessation of our services, result in the suspension or termination of the contract, or prevent the implementation of the request or notification, as well as cause a breach of obligations under the law.
Information about automated decision-making.
In connection with the processing of personal data, we use computer IT systems in which data processing processes take place in an automated manner.
The activities we carry out in the field of automated processing of personal data are aimed at improving the quality, efficiency, efficiency of data processing operations and information security.
In certain cases, computer information systems may make automated decisions affecting the way personal data is processed and the manner in which the rights of data subjects are exercised. We will make every effort to ensure that such situations are properly communicated, at the same time we ask you to report any doubts in this regard in accordance with the established communication rules.
Profiling Information.
To tailor our offer, improve the functions and functionality of our websites and the tools we provide, we collect and process information about how Users of our websites use our website and what products and services they are interested in.
The information is also used for statistical and analytical purposes and may be used for automatic processes of tailoring the offer, including for purposes related to the marketing of our products and services.
Information on transfer outside the European Economic Area.
Personal data may be transferred to third countries, i.e. outside the European Economic Area, mainly due to the use of information society services. In such cases, the legally required security measures will be taken to guarantee an adequate level of data protection and the rights and freedoms of data subjects.
More detailed information on this subject can be found in the relevant documents and information clauses that we place on our websites or make available directly each time in the process of obtaining personal data.
Document update policy.
In accordance with the needs, the rules of our business and changes in the law, we will update the Privacy Policy with appropriate provisions.
We will inform you of any changes via our websites by posting appropriate information on this Privacy Policy. In addition, in the event of significant changes related to the protection of privacy and personal data, we may send additional information to the e-mail address provided to us or require you to re-accept the rules for the processing of specific data and the protection of privacy in connection with the processing of information.
Final provisions.
This document and the rules described in it are effective upon publication. Any deviation from the general principles described above is governed by other documents and detailed records provided during the collection and further processing of personal data as part of the ongoing processes and operations of personal data processing.