Privacy policy

Privacy and cookies policy

I. GENERAL PROVISIONS

  1. This Privacy Policy specifies the rules for processing and protecting personal data provided by users in connection with their use of the services offered by the website https://www.franchise-bc.com/ (hereinafter: the Website). The privacy policy defines the grounds, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies on the Website.
  2. The administrator of the personal data, which are collected via the Website, is the company BODY CHIEF SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with registered office in ul. Polska 13, Poznań, Poland, entered in the Register of Entrepreneurs of the Polish National Court Register (KRS) under number KRS 0000713725, the registration court, in which the documentation of the company is kept is Sąd Rejonowy Poznań – Nowe Miasto i Wilda w Poznaniu [the District Court for Poznań – New Town and Wilda in Poznań], VIII Wydział Gospodarczy Krajowego Rejestru Sądowego [Eight Commercial Division of the National Court Register (hereinafter: the Administrator). Polish Tax Identification Number NIP: 7792479825, Polish Statistical Identification Number REGON: 369298976, e-mail address: [email protected]
  3. The contact data of the Inspector responsible for data protection who was appointed by the Administrator: Arnold Paszta, mailing address: ul. Polska 13, 60-595 Poznań, Poland, e-mail address: [email protected]
  4. In order to maintain the security of entrusted personal data, the Administrator operates on the basis of internal procedures and recommendations, in accordance with the relevant legal acts in the field of personal data protection, in particular with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 EC.
  5. The Administrator pays the utmost care in order to protect the interests of the persons to whom the personal data being processed by the Administrator are related and, in particular, the Administrator is responsible for and ensures that the data collected by the Administrator, are:
    1. processed in accordance with law;
    2. collected for designated purposes, which are compliant with law, are not subjected to further processing not being compliant with the above-mentioned purposes;
    3. are correct from the point of view of the substance and are adequate for the purposes for which they are being processed;
    4. kept in a form allowing the identification of persons to whom they are related, no longer than it is indispensable for the achievement of the goal of the processing.

II. BASES OF THE DATA PROCESSING

  1. The Administrator is authorised to process the personal data if – and to the extent that – at least one of the following conditions is met: (1) the person to whom the data are related, has expressed the consent to the processing of his/her personal data for one or more purposes; (2) the processing is indispensable for the execution of a contract to which the data subject is a party, or to take actions at the request of the person to whom the data are related, prior to entering into a contract; (3) the processing is indispensable for the fulfilment of the legal obligation being incumbent on the Administrator; or (4) the processing is indispensable for the purposes resulting from legally justified interests being realised by the Administrator or by a third party, with exception of such a situation, in which the interests or the basic rights and freedoms of the person to whom the data are related have a superior nature in relation to these interests and they require the protection of personal data, in particular when the person to whom the data are related, is a child.
  2. The processing of personal data by the Administrator requires, each time, the existence of one of the bases indicated in point II.1 of the privacy policy.

III. PURPOSES AND SCOPE OF DATA PROCESSING

  1. The Administrator processes personal data provided by the Website users voluntarily, only for the purpose of:

Purpose of the data processing

The legal basis of the processing

The scope of the processed data

Performance of services provided by the Administrator, providing answers to inquiries sent using the contact form Article 6 paragraph 1 letter b) of the General Data Protection Regulation (execution of the contract)

The data are stored during a period being indispensable for the execution, for the dissolution or for the expiry in another way of the concluded contract.

The maximum scope: first name and surname, e-mail address, contact telephone number.

In case of Clients who are not consumers, the Administrator may process in addition the business name of the company, the address of the conduct of the business/ of the registered office and the tax identification number (NIP) of the Client.

The indicated scope is the maximum scope.

Marketing of the Administrator’s services and products Article 6 paragraph 1 letter a) of the General Data Protection Regulation (consent)

The data are stored until the moment of the withdrawal of the consent by the person to whom the data are related, to the further processing of his/ her data for this purpose.

The maximum scope: first name and surname, contact telephone number,

e-mail address.

The establishment, enforcement and defence of claims, which may be filed by the Administrator or against the Administrator Article 6 paragraph 1 letter f) of the General Data Protection Regulation

The data are kept during the period of the existence of the legally justified interest being realised by the Administrator, not longer, however, than during the prescription of claims in relation to the person to whom the data are related, on account of the business activity conducted by the Administrator. The prescription is defined by the provisions of law, in particular of the Civil Code (the basic term of prescription for claims connected with the conduct of business activity amounts to three years and, for a contract of sale, it amounts to two years).

The maximum scope: first name and surname, mobile phone number, e-mail address.

In case of Clients who are not consumers, the Administrator may process in addition the business name of the company, the address of the conduct of the business/ of the registered office and the tax identification number (NIP) of the Client.

Keeping of the accounting books Article 6 paragraph 1 letter c) of the General Data Protection Regulation in connection with article 74 paragraph 2 of the Act of Parliament on accounting dated 30th January 2018 (Law gazette of 2018, item 395)

The data are stored during the period required by the provisions of law, which impose (the obligation) on the Administrator to keep the accounting books (five years starting from the beginning of the years, which follows the financial year to which the data are related).

First name and surname, residence address

In case of Clients who are not consumers, the Administrator may process in addition the business name of the company, the address of the conduct of the business/ of the registered office and the tax identification number (NIP) of the Client.

Ensuring the safety of employees and property protection Article 6 paragraph 1 letter f) of the General Data Protection Regulation, legitimate interest of the Administrator,

Retention period: 30 days

Image of clients and third parties

IV. THE RECEIVERS OF WEBSITE DATA

  1. The recipients of personal data may be bodies, institutions and entities authorized by the law, as well as entities providing services to the Data Administrator (e.g. legal, IT, marketing, accounting services) and other entities involved in the implementation of the ordered service. The Administrator uses exclusively the services of such processing entities, which provide sufficient guarantees of the implementation of appropriate technical and organisational means so that the data processing meets the requirements of the General Data Protection Regulation and it protects the rights of the data subjects. The personal data are not transferred neither to any third-party state nor to any international organisation.
  2. The transmission of data by the Administrator does not take place in each case and it is not made to all the recipients or categories of recipients who are designated in the privacy policy. The Administrator transmits the data exclusively when it is indispensable for the realisation of a given purpose of personal data processing and only within the scope being indispensable for its execution.

V. RIGHTS OF DATA SUBJECTS

  1. The right to access, to rectify, to limit, to remove or to transfer – the person to whom the data are related, has the right to demand the Administrator to give access to his/ her personal data, to rectify them, to remove them (“the right to be forgotten”) or to limit the processing and he/ she has the right to submit an objection to the processing and also, he/ she has the right to transfer his/ her data. The detailed conditions of the exercising of the rights mentioned above, are indicated in articles from 15 to 21 of the General Data Protection Regulation.
  2. The right to withdraw the consent at any time – the person whose data are being processed by the Administrator on the basis of the expressed consent (on the basis of article 6 paragraph 1 letter a) of the General Data Protection Regulation has the right to withdraw the consent at any time without impact on the compliance of the processing with law which was made on the basis of such a consent before its withdrawal.
  3. The right to submit a complaint to the supervisory body – the person whose data are being processed by the Administrator, has the right to submit a complaint to the supervisory body in the manner and according to the procedure defined in the provisions of the General Data Protection Regulation and of the Polish law, in particular of the Act of Parliament on the protection of personal data. The Supervisory Body in Poland is the President of the Office for the Protection of Personal Data.
  4. The right to object – the person to whom the data are related, has the right to make an objection at any time – due to reasons connected with his/ her specific situation – against the processing of the personal data related to him / her based on article 6 paragraph 1 letter e) (public interest or tasks) or f) (legally justified interest of the administrator). In such a case the Administrator is not allowed to process these personal data unless the Administrator demonstrates the existence of important legally justified bases for processing, which are superior to the interests, rights and freedoms of the person to whom the data are related or of bases of the establishment, enforcement or defence of claims.
  5. In order to realise the rights, which are mentioned in the present point of the privacy policy, one may contact the Administrator by sending an appropriate message in writing or by e-mail to the address of the Administrator or of the inspector responsible for the protection of data of the Administrator, which is indicated at the beginning of the privacy policy. In case of the withdrawal of the voluntary consent the person who gave the consent, may withdraw this consent at any time. The withdrawal of a compulsory consent (connected with the processing of data related to health) is connected with the necessity to cease to use the services of the Administrator.

 

VI. USING COOKIE FILES

  1. The Cookie files (cookies) are small textual pieces of information in the form of text files, sent by the server and recorded at the side of the person who visits the Website (for example on the hard disk of a computer, of a laptop or on the memory card of a smart phone – depending on what device is used by the person who visits our Website). The detailed information related to Cookies and the history of their creation may be found among others here:https://en.wikipedia.org/wiki/HTTP_cookie.
  2. The Administrator may process the data, contained in the Cookie files during the use of the Website by the visitors, for the following purposes:
    1. Realisation of the basic functionalities of the Website, the storage of dynamic data, for example statistics, summaries;
    2. Adjustment of the Website content to the individual preferences of the Recipients of services (for example related to the language);
    3. Memorisation of IP locations, of the time zone;
    4. Keeping of anonymous statistics, which present the manner of using the Website;
    5. Personalisation and publication of advertising contents placed on the Website, which are compliant with the interests of the Recipients of services.
    6. Re-marketing, i.e. advertising action, in which after the creation of appropriate re-marketing lists on the basis of selected features of behaviours (by means of Google Analytics) banner advertisements are sent, which appear to the users during their visits to various websites in the advertising network of Google.
  3. On a standard basis the majority of web browsers being available on the market accept by default the recording of Cookie files. Everybody has the possibility of defining the conditions of the use of the Cookie files by means of the settings of his/ her own web browser. This means that one may for example limit partially (for example temporarily) or completely switch off the possibility of recording the Cookie files.
  4. The settings of the web browser, which are related to the Cookie files, are important from the point of view of the consent to the use of the Cookie files within Body Chief Website – in accordance with the provisions such a consent may be also expressed by means of the settings of the web browser. In case of lack of the expression of such a consent one has to change the settings of the web browser in an appropriate way with respect to the Cookie files.
  5. The detailed information on the change of the settings related to the Cookie files and on their elimination by oneself in the most popular web browsers are available in the Technical Support Department of the given web browser and on the following websites (one has just to click on the appropriate link):
    1. In the Chrome Browser
    2. In the Firefox Browser
    3. In the Internet Explorer Browser
    4. In the Opera Browser
    5. In the Safari Browser
    6. In the Microsoft Edge Browser
  6. On the Website the Administrator may use the services of Google Analytics, of Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator to analyse the on the Website. The gathered data are processed in the framework of the above-mentioned services in an anonymous way (these are the so-called operating data, which make the identification of the person impossible) in order to generate statistics, which help in the administration of the Website. These data have a collective and anonymous nature, i.e. they do not contain identification features (personal data) of the person, who visits Website. While using the above-mentioned services on the Website, the Administrator gathers such data as the sources and the medium of the acquisition of the visitors of the Website and the manner in which they behave there, the information on the devices and browsers from which they visit the site, the IP and the domain, the geographic data as well as the demographic data (age, sex) and interests.
  7. It is possible for a given person to block easily the information about his/ her activities on the Website for Google Analytics. For this purpose one may install a browser add-on, which is being made available by Google Inc. by clicking here: https://tools.google.com/dlpage/gaoptout?hl=pl.
  8. On the Website the Administrator may use the Pixel service of Facebook, which is provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator to measure the efficiency of advertisements and to learn which actions are taken by the Website visitors and also to display advertisements, which are specially adjusted to these persons. The creation of re-marketing lists of cookie files gathered by Pixel takes place in the Facebook panel. The detailed information about the operation of Pixel of Facebook may be found under the following Internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
  9. The management of the operation of Pixel of Facebook is possible by means of the settings of advertisements in one’s account on the portal Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.