ATEPAA Sp. z o.o. with registered office in Bielsko-Biała
2.1.What are personal data and what does the processing mean?
Personal data means information about identified or identifiable natural person. Identifiable natural person is a person who may be directly or indirectly identified, in particular, on the basis of the ID information such as: first name and surname, ID number, location data, on-line ID or one, or several specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Personal data processing is, in principle, any act on personal data, whether or not it is carried out automatically, e.g. collection, storage, retention, organization, modification, viewing, use, sharing, limiting, erasure or destruction. ATEPAA processes personal data for different purposes but depending on the purpose, various ways of collection, legal basis for processing, use, disclosure and retention periods may apply.
ATEPAA sp. z o.o. with its registered office in Bielsko-Biała (43-300), Podwale 45 street, registry files kept in District Court in Bielsko-Biała, VIII Commercial Division of National Registry Court, KRS number: 0000636102, NIP (Tax ID): 5472165082, share capital 7.505.000,00 zł. ATEPAA has designated within its structures a contact person for issues related to personal data available under e-mail: [email protected] In case of any questions or doubts related to the processing of personal data by ATEPAA, please contact us at the above-mentioned e-mail address.
2.3.In what way, on the basis of which legal basis and what types of personal data are processed by ATEPAA?
We would like to be transparent about the ways and legal basis of processing personal data as well as the purposes for which ATEPAA processes personal data. We make all effort to indicate the necessary information in this respect to each person whose personal data are processed by ATEPAA as a Data Controller. In order to make our explanation of these issues as clear as possible, we present the following list of personal data processing operations in connection with the operated website.At the same time, we would like to point out that whenever we process personal data on the basis of the legitimate interest of the Data Controller (article 6 item 1 letter f of the GDPR), we try to analyse and balance our interest and the potential impact on the Data Subject (positive and negative) as well as the rights of the Data Subject under the provisions on personal data protection. We do not process personal data on the basis of our legitimate interest if we conclude that the impact on the Data Subject would outweigh our interests (in this case we may process personal data if we have appropriate consent or it is required or permitted by law).
A.Personal data processing of the visitors of the website operated by ATEPAA
In connection with your use of our website, we process the personal data sent by your browser to our server. The processing of this personal data is necessary for the proper functioning of our website and to ensure the stability and safety of the user. The processing is carried out on the basis of article 6 item 1 letter f of the GDPR. The data processed should include: IP address, date and time of session start, time zone information, source page information, access status/http access code, page address, browser type, operating system and its interface, software language and version of the browser.
B.Personal data processing within the contact form
In the ‘contact’ tab on our website you will find a contact form that allows you to submit a query with respect to the business activity conducted by LYXGARAGE.
The contact form collects from the user the following data: first name, e-mail address and query content. Optionally, within the content of the query, the user can make available to LYXGARAGE other personal data which are provided voluntarily and in accordance with the will expressed by the user. The data such as first name, e-mail address is necessary in order for the user to make them available because by providing them we will be able to accomplish the intended goal, i.e. provide an answer to the question asked by the user.
C.Personal data processing within the Google Analytics
On our website you will find links to social networking sites, where information about us and our activities is posted. Data controller within social networkingsites is LYXGARAGE as well as owner of social networkingsite.
E.Uploading YouTube videos on the website
F.Website integration with Google Maps
As part of our website, we also use Google Maps. That is why, we provide the possibility of displaying the interactive map directly on the website and the convenience of using the map’s functions.In relation to the use of Google Maps, the provisions of section C apply.
2.4.How long do we process personal data?
The length of time we may process personal data depends on the legal basis on which the processing of personal data is legally required by ATEPAA. In the applicable ATEPAA’s policies we determine that we must never process personal data for a period longer than is required by the above-mentioned legal basis. Accordingly, we inform you that:
a)In the case if ATEPAA processes personal data on the basis of the consent, the processing period lasts until the intended purpose is achieved or the fixed archiving period expires, or consent withdrawal, in any case contactform -for the period of the parties’ correspondence on the question asked.
b)In case if ATEPAA processes personal data on the basis of agreement performance purpose or to perform actions before agreement performance (order performance), for time of order realization and after its cessation for period of claims prescription and accounting documentation archiving, according to binding legal provisions.
c)in case if ATEPAA processes personal data on the basis of justified interest of the Data Controller, the processing period lasts until the above-mentioned interest ceases (e.g. period of prescription of civil law claims) or until the Data Subject objects to such processing -in situations where such objection is legally possible.
d)In the event that LYXGARAGE processes personal data because it is necessary due to the applicable legal regulations, the periods of data processing for this purpose are determined by these regulations.
2.5.When and how do we transfer personal data with third parties? Do we transfer personal data to third countries?
We only transfer personal data to others if we are permitted to do so by law. In such a case, we provide for data protection provisions and security features in the relevant agreement with a third party in order to protect your personal data and to maintain our standards in the scope of data protection, confidentiality and security.
If we transfer personal data, of which we are the administrator, to other entities for the performance of certain activities on our behalf, we conclude a special agreement with such an entity. Such agreements are called personal data processing agreements (article28 of GDPR), thanks to it, ATEPAA has control over how and to what extent the entity, to which ATEPAA entrusted the processing of certain categories of personal data, processes them. Personal data processing agreements include obligations that the personal data processing entity:
-processes personal data exclusively on the Data Controller’s documented instructions -including the transfer of personal data to a third country or an international organisation -unless such an obligation is imposed on the Data Controller by the Union law or by the law of the Member State of the processing entity, in such a case the processing entity shall inform the Data Controller of this legal obligation prior to the start of the processing, provided that this right does not prohibit the provision ofsuch information on the grounds of important public interest;
-ensures that persons authorised to process personal data have undertaken to keep confidentiality or are subject to an appropriate statutory confidentiality obligation;
-takes all measuresrequired under article 32 of the GDPR;
-considering the nature of the processing, it shall, as far as possible, assist the Data Controller, through appropriate technical and organisational measures, to comply with the Data Subject’s requests for the exercise of its rights set out in Chapter III of the GDPR;
-considering the nature of the processing and the information available to this entity, it shall assist the Data Controller in fulfilling the obligations set out in Articles 32 to 36 of the GDPR;
-upon termination of the provision of processing services, depending on the decision of the Data Controller, the processing entity erasures or returns any personal data and deletes any existing copies, unless the Union law or the law of a Member State requires the storage of personal data;
-makes available to the Data Controller all information necessary to demonstrate compliance with the obligations set out in article 28 of the GDPR and allows the Data Controller or auditor authorised by the Data Controller to carry out audits, including inspections and contributes to them.
In relation to personal data collected by ATEPAA within the operated website https://www.atepaa.com/, no provision is made for personal data to be made available to third parties, with the exception of possible access:
-IT company operating the website on behalf of ATEPAA;
-entities providing hosting services for ATEPAA;
-entities carrying out marketing or sales campaigns for ATEPAA;
-other ATEPAA’s subcontractors providing services in the field of software, software maintenance services including website.
Additionally, certain personal data may be transferred to other companies in the ATEPAA corporate group, which constitutes a legitimate interest of the Data Controller (article 6 item 1 letter f of the GDPR). In the case of personal data transferred outside the territory of the Republic of Poland, it should be noted that: cross-border transfers may concern the countries which do not belong to the European Economic Area (‘EEA’) and countries in which there are no regulations specifying special protection of personal data. We have taken steps to ensure adequate protection of all personal data and the lawfulness of the transfer of personal data also outside the EEA. In the case of transfer of personal data outside the EEA to the country, which according to the European Commission does not ensure a proper level of protection of personal data, the transfer takes place exclusively on the basis of an agreement considering the EU requirements in the scope of the transfer of personal data outside the EEA.
2.6.What are the rights of Data Subjects and how to exercise them? [information clause]
Natural persons have certain rights concerning their personal data and ATEPAA, as the Data Controller, is responsible for the exercise of these rights in accordance with applicable laws. If you have any questions or requests concerning the scope and exercise of your rights, as well as to contact us in order to exercise your specific data protection rights, please contact us at the following e-mail address:
We reserve the right to exercise the following rights after positive verification of the identity of the person applying for a given action.
A.Access to personal data
Natural persons have the right to access the data that we store as a Data Controller. This right mat be exercised by sending e-mail to the address: [email protected]
B.Modification, rectification or erasure of personal data
Modifications, including updating, rectification or erasure of personal data which are processed by ATEPAA may be carried out by sending e-mail to the address: [email protected] right to erasure data may be exercised e.g. when personal data of a natural personwill no longer be necessary for the purposes for which they were collected by ATEPAA or a natural person withholds its consent for data processing by ATEPAA. Additionally, if a natural person objects to the processing of his or her data or if his or her data will be processed unlawfully. The erasure of such data should be carried out in order to comply with a legal obligation.
C.Withdrawal of the consent
In the event of personal data processing on the basis of a consent, natural persons have the right to withdraw this consent at any time. We inform about this right at any time during the collection of consents and allow you to withdraw your consent as easily as it was given. If there is no different information, i.e. if we have not provided a different address or contact number for withdrawal of the consent, please send us an e-mail at the following address: [email protected]
D.Right to the restriction of processing or object to the processing of personal data
Natural persons have the right to restrict or object to the processing of their personal data at any time, on the basis of their particular situation, unless processing is required by law.
Natural person may object to the processing of personal data, if:
-the processing of personal data is based on the legitimate interest of the Data Controller or for statistical purposes and the objection is justified by the particular situation in which it finds itself;
-personal data are processed for the purposes of direct marketing of the Data Controller, including profiled for this purpose.
In relation to the request to restrict the processing of personal data, we inform you that it is possible when:
-the Data Subject argues against the correctness of the personal data – for a period allowing the Data Controller to check the correctness of the data;
-the processing is unlawful and the Data Subject objects to the erasure of personal data and instead demands the restriction on their use;
-the Data Controller no longer needs personal data for the purposes of the processing, but they are needed by the Data Subject for the determination, assertion or defence of claims;
-the Data Subject has objected under article 21item 1of GDPR to the processing of personal data by the Data Controller, -until it isdetermined whether the Data Controller’s legitimate grounds are superior over the Data Subject’s grounds for objection.
E. Right to data transfer
The Data Subject has the right to receive, in a structured, machine-readable format in common use, personal data relating to him/her that has been supplied to the Data Controller and has the right to forward those personal data to another Data Controller without hindrance of the Data Controller to whom the personal data have been supplied, if any:
-the processing is carried out on the basis of the consent in accordance with article 6 item 1 letter aof GDPRor article 9 item 2 letter aof GDPR; or
-under the agreement within the meaning of article 6 item 1 letter b of GDPR; and
-the processing takes place in an automated manner
In exercising the right of personal data transfer, the user has the right to demand that it is sent by the Data Controller directly to another Data Controller, as far as it is technically possible.
The right of data transfer shall not adversely affect the rights and freedoms of others.
If you wish to exercise these rights, please send an e-mail to the following address: [email protected]
F.Further questions, concerns and complaints
All complaints we receive will be considered and answered.
Persons whose personal data are being processed by ATEPAA have the right to lodge a complaint to the supervisory authority, which is the President of the Office for Personal Data Protection at Stawki 2street, 00-193 Warszawa.
3.1.What are cookies?
Cookies are small files that are stored on your electronic device by the websites that you visit. Cookies contain different information that is often necessary for the website to function properly. Cookies are encrypted in such a way that unauthorized persons do not have access to them. Information collected on the basis of cookies may be read only by ATEPAA as well as -due to technical reasons -trusted partners whose services we use. What is more important, cookies cannot run programs or transfer viruses to electronic devices.
We divide cookies, according to the purpose for which we use them, on:
Basic cookies -installed if the user has given the consent by means of software settings installed on the electronic device. These cookies include technical and analytical cookies.
Technical cookies -are necessary for the website to function properly. We use them in order to:
-ensure that the website is displayed correctly -depending on which device you are using,
-adapt our services to your choices which are relevant to the operation of the website from technical point of view, e.g. language chosen,
-remember whether you give a consent to the display of certain content.
Analytical cookies -are necessary to settle with business partners or to measure the effectiveness of our marketing activities without identifying personal data and to improve the functioning of our website. We may use them to:-examine statistics concerning website traffic and check its sources (redirections), -detect various types of abuse, e.g. artificial Internet traffic (bots).
We also divide all cookies according to the time for which they are installed in the user’s browser:
Session cookies -remain on the user’s device until the user leaves the website or turns off the software (browser). They are mostly technical cookies.
Permanent cookies -remain on the user’s device for the time specified in the file parameters or until they are manually deleted by the user.
3.4.Can I refuse to accept cookies?
You can always change your browser settings and rejectrequests for cookies. However, before you decide to change your settings, please note that cookies serve your convenience in using the website. Disabling cookies may have influence on how our website is displayed in your browser. In some cases, the website may not display at all.
3.5.How to disable cookies?
You can delete cookies from your browser at any time and block their reinstallation.
Depending on the browser you use, the option to delete or withdraw your consent to the installation of cookies may vary. In this case, please refer to the user’s manual available from the browser on your electronic device.
In order to ensure the best possible contact with us in relation to the protection of personal data, we also enable direct contact at the seat of ATEPAA as well as contact by letter (post) or telephone and for this purpose we provide the following contact details:
ATEPAA Sp. z o.o.
E: [email protected]