_Privacy Policy and Cookies_
Introduction
This document covers both the Privacy Policy and Cookies Policy applied by 5bonsai.com ("Service"). Our priority is to protect the privacy of our customers and users, ensuring transparency in the processing of personal data and the use of cookies. The Privacy Policy defines how the necessary personal data of users are collected, processed, and stored. The Service collects only the personal data necessary for the provision and development of the services offered. Personal data collected through the Service are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") and the Act of 10 May 2018 on the protection of personal data (consolidated text: Journal of Laws of 2019, item 1781).
Data Controller
The data controller for personal data collected by the Service and data collected through cookies is 5 Bonsai Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (address: 02-673 Warsaw, Konstruktorska 12), entered into the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 13th Economic Department of the National Court Register under the KRS number 1070640, NIP 521-404-58-47, email address: iod [at] 5bonsai.com ("Administrator"). Questions or requests regarding data can be sent to the email address: iod [at] 5bonsai.com. The Administrator is authorized to process personal data when at least one of the following circumstances is met: (i) the person to whom the data relates has given consent to the processing of their personal data for one or more specified purposes, (ii) processing is necessary for the performance of a legal obligation incumbent on the Administrator, (iii) processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator or by a third party. Each time the purpose, legal basis, period, scope, and recipients of personal data processed by the Administrator are determined by the actions taken by the user. Personal data is processed based on the user's consent or in cases where legal regulations authorize the Administrator to process personal data based on legal provisions or to fulfill a legal obligation incumbent on the Administrator or for the legitimate interests pursued by the Administrator or by a third party. The Service performs the function of obtaining information about users and their behaviors in the following ways: (a) through voluntarily entered information in forms, (b) through the collection of "cookies" files (cookie policy). The Service collects information voluntarily provided by the user.
Scope of Personal Data Processing
The Administrator may process the following personal data of users: first name, last name, email address, phone number, and data related to the use of the Service.
Processing Purposes
Personal data is processed for the following purposes:
- presenting the Administrator's offer via email or phone
- sending newsletters containing information about the Administrator's offers and services to the specified email address
- marketing, analytical and statistical activities, and improving the Service's services.
- in connection with the recruitment process, to the extent specified in the job advertisement
Providing data is voluntary but may be necessary to use some functionalities of the Service.
Rights of Data Subjects
Individuals whose data is processed have the right to access their personal data, rectify it, delete it, limit processing, transfer data, and object to processing, withdraw consent at any time (without affecting the legality of the processing based on consent before its withdrawal). A user who wishes to exercise their rights should send a notification to the email address: iod [at] 5bonsai.com. The user has the right to lodge a complaint with the President of the Office for Personal Data Protection if they believe that the processing violates their rights and freedoms (GDPR).
Data Storage Period
Personal data is stored until the purposes of their collection are achieved or until applicable regulations require their retention.
Sharing of Personal Data
User's personal data may be disclosed to: entities affiliated with the Administrator, its subcontractors, cooperating entities, e.g., entities providing courier/mail services, legal, tax, and accounting offices, entities supporting the Administrator in sending email messages, newsletters, hosting service providers, or IT services, entities providing support, including technical support for the storage of personal data, server provider. Recipients of data are or will be entities authorized to obtain personal data under the law. In principle, personal data will not be transferred outside the European Economic Area ("EEA"). Considering the provision of services by our subcontractors in providing support for IT services and IT infrastructure, the use of certain technological solutions on the website, and the way the website functions, we may commission certain IT tasks or activities to approved subcontractors operating outside the EEA, which may involve the transfer of data outside the EEA. Data transfer takes place to member states in accordance with the European Commission's decision on ensuring an adequate level of protection of personal data in these countries or to other countries outside the EEA based on an agreement containing standard contractual clauses accepted by the European Commission and with the application of additional safeguards ensuring data security. It is possible to obtain a copy of the data transferred to countries outside the EEA by contacting the Administrator.
Profiling
For the purpose of sending offers or newsletters within the scope of the Service's operation, such as traffic analysis, the Administrator may carry out profiling. Profiling carried out by the Administrator does not result in automated decisions that have legal effects on users or similarly significantly affect users, but only helps the Administrator tailor the Service to user expectations.
Security
We use technical and organizational measures to protect personal data against unauthorized access and other forms of illegal processing.
Cookies Policy
- Types of Cookies: We use session (temporary) and persistent cookies. Session cookies are temporary and expire when the browser is closed. Persistent cookies remain on the device until they expire or are manually deleted.
- Purposes of Using Cookies: Cookies are used to improve the functionality of the site, analyze traffic, remember user preferences, and for marketing purposes.
- Managing Cookies: Users can change cookie settings in their web browser at any time.
Changes to the Policy
The Administrator reserves the right to make changes to the Privacy Policy and Cookies, with no limitation of user rights. Any changes will be communicated on the website.
Effective Date: January 9, 2024.