PRIVACY POLICY AND COOKIE SETTINGS
FOR THE WEBSITE
LOCALLEAGUE.ORG
GENERAL PROVISIONS
This privacy policy of the Website is informative, which means that it is not a source of obligations for the users of the Website. The privacy policy contains mainly the rules for processing personal data collected by the Administrator on the Website, including the basis, purposes and period of processing personal data and the rights of the persons whose data concern, as well as information on the use of Cookies and similar technologies and analytical tools on the Website.
The administrator of personal data collected through the Website is Michał Hołodyn conducting business activity under the name TREASURY GROUP MICHAŁ HOŁODYN entered into the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister competent for economy, having the address for service: Aleja Jana Pawła II 27, 00-867 Warsaw, Poland NIP 1181354675, REGON 141603166, e-mail address: info@localleague.com, ph +48 459 568 871 hereinafter referred to as "Administrator" and being also the Owner of the Website.
Personal data on the Website are processed by the Administrator in accordance with applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". Official text of GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
The use of the Website is voluntary. Similarly, providing personal data by the user using the Website is voluntary, subject to that not providing by the user certain data required for using a specific functionality of the Website - may result in inability to use this functionality (e.g. contact form). Providing personal data is in such a case a contractual requirement and if a person whose data concern wants to use a specific functionality provided on the Website by the Administrator, he/she is obliged to provide required data. Each time, the scope of data required to use functionality of the Website is indicated by the Administrator on the Website (e.g. before filling in a contact form).
The Administrator takes special care to protect interests of persons whose personal data processed by him concern, and in particular he is responsible and ensures that collected by him data are: (1) processed in accordance with law; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; (3) factually correct and adequate in relation to purposes for which they are processed; (4) stored in a form enabling identification of persons whom they concern, no longer than it is necessary to achieve purpose of processing and (5) processed in a way ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
Taking into account nature, scope, context and purposes of processing as well as risk of violation of rights or freedoms of natural persons with different probability and severity level of threat, Administrator implements appropriate technical and organizational measures so that processing takes place in accordance with GDPR Regulation and he can demonstrate it. These measures are subject to review and update if necessary. The Administrator uses technical measures preventing acquisition and modification by unauthorized persons personal data transmitted electronically.
BASIS FOR DATA PROCESSING
The Controller is authorized to process personal data in cases where - and to the extent that - at least one of the following conditions is met: (1) the data subject has consented to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular when the data subject is a child. The processing of personal data by the Controller requires each time the existence of at least one of the bases indicated above. The specific bases for processing personal data of users of the Website by the Controller are indicated in the next point of the privacy policy - in relation to a given purpose of processing personal data by the Controller.
PURPOSE, BASIS AND PERIOD OF PROCESSING DATA ON THE WEBSITE
The purpose, basis and period as well as recipients of personal data processed by the Controller result from the actions taken by a given user on the Website.
The Controller may process personal data on the Website for the following purposes, on the following bases and for the period according to the table below:
The purpose of data processing
Legal bases for data processing
Data retention period
Using the electronic services provided by the Administrator on the Website.
Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, such as e.g. providing a response to an inquiry sent by the user via a contact form.
Data are stored for the period necessary to perform, terminate or expire in any other way the contract concluded with the Administrator, e.g. for the time needed to provide the user with a response to an inquiry sent via a contact form.
Maintaining tax records.
Article 6(1)C of the GDPR Regulation in connection with Article 86(1) of the Tax Ordinance of 17 January 2017 (Journal of Laws of 2017, item 201, as amended) - processing is necessary for compliance with a legal obligation to which the Controller is subject”.
Data are stored for the period required by the legal provisions imposing on the Controller the obligation to keep tax books (until the expiry of the limitation period for the tax liability, unless the tax laws provide otherwise).
Establishment, pursuit or defence of claims that may be raised by the Controller or that may be raised against the Controller.
Article 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting in establishing, pursuing or defending claims that may be raised by or against the Controller.
The data are stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of claims in relation to the person whose data concern, arising from the business activity conducted by the Controller. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims that may be raised against the Controller is six years).
Using the Website and ensuring its proper functioning.
Article 6(1)(f) of the GDPR (legitimate interest of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting in running and maintaining the Website.
The data is stored for the period of existence of a legitimate interest pursued by the Administrator, but not longer than for the period of limitation of the Administrator’s claims against the person to whom the data relates, arising from the Administrator’s business activity. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to business activity is three years).
Conducting statistics and analysis of traffic on the Website
Article 6 paragraph 1 letter f) of the GDPR Regulation (legitimate interest of the administrator) - processing is necessary for the purposes resulting from the legitimate interests of the Administrator - consisting in conducting statistics and analysis of traffic on the Website in order to improve the functioning of the Website
The data is stored for the period of existence of a legitimate interest pursued by the Administrator, but not longer than for the period of limitation of the Administrator’s claims against the person to whom the data relates, arising from the Administrator’s business activity. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to business activity is three years).
DATA RECIPIENTS ON THE WEBSITE
For the proper functioning of the Website, it is necessary for the Administrator to use the services of external entities (such as, for example, a software provider). The Administrator uses only the services of such processors who provide sufficient guarantees of implementing appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.
Personal data may be transferred by the Administrator to a third country, in which case the Administrator ensures that in such a case it will take place in relation to a country providing an adequate level of protection - in accordance with the GDPR Regulation, and in the case of other countries, that the transfer will take place on the basis of standard data protection clauses. The Administrator ensures that the data subject has the possibility to obtain a copy of their data. The Administrator transfers the collected personal data only in the case and to the extent necessary to achieve a given data processing purpose consistent with this privacy policy.
The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator transfers data only when it is necessary to achieve a given purpose of processing personal data and only to the extent necessary to achieve it.
Personal data of users of the Website may be transferred to the following recipients or categories of recipients:
• service providers supplying the Administrator with technical, IT and organizational solutions, enabling the Administrator to conduct business activities, including his Website and electronic services (in particular, computer software providers for running the Website, e-mail and hosting providers and software providers for managing the company and providing technical support to the Administrator) - the Administrator makes available the collected personal data of the user to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given data processing purpose consistent with this privacy policy.
• providers of social plugins, scripts and other similar tools placed on the Website, enabling the browser of the person visiting the Website to download content from the providers of these plugins (e.g. logging in using login data to a social networking site) and transferring personal data of the visitor to these providers for this purpose, including also:
-
Meta Platforms Ireland Ltd. - The Administrator may use social plugins of Facebook and Instagram services on the Website and in connection with this may collect and share personal data of the user using the Website to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy policies available - for Facebook - here: [https://www.facebook.com/about/privacy/] and - for Instagram - here: [https://help.instagram.com/519522125107875/?helpref=hc_fnav] (these data include information about activities on the Online Store website - including information about the device, visited websites, displayed ads and how to use the services - regardless of whether the Service Recipient has an account on Facebook or Instagram and whether they are logged in to Facebook or Instagram).
PROFILING
The GDPR Regulation imposes on the Administrator the obligation to inform about automated decision making, including profiling, referred to in Article 22 (1) and (4) of the GDPR Regulation, and - at least in these cases - relevant information about the rules of their making, as well as the meaning and expected consequences of such processing for the person whose data concern. With this in mind, the Administrator provides in this point of the privacy policy information on possible profiling.
The Administrator may use profiling on the Website for direct marketing purposes, but the decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a contract or the possibility of using electronic services on the Website. Despite profiling, a given person makes a free decision whether he or she wants to use the discount or offer received in this way from the Administrator.
Profiling on the Website may consist of automatic analysis or prediction of the behavior of a given person on the Website, e.g. by analyzing the previous history of activity on the Website. The condition for such profiling is that the Administrator has personal data of a given person, in order to be able to send him or her e.g. a discount code or an offer.
The person whose data concern has the right not to be subject to a decision that is based solely on automated processing, including profiling, and has legal effects on that person or similarly significantly affects that person.
RIGHTS OF THE PERSON WHOSE DATA CONCERN
Right of access, rectification, restriction, erasure or portability - the person whose data concern has the right to request from the Administrator access to his or her personal data, their rectification, erasure (“right to be forgotten”) or restriction of processing and has the right to object to processing, as well as has the right to transfer his or her data. The detailed conditions for exercising the above rights are indicated in Articles 15-21 of the GDPR Regulation.
Right to withdraw consent at any time - a person whose data are processed by the Administrator on the basis of expressed consent (on the basis of Article 6 (1) (a) or Article 9 (2) (a) of the GDPR Regulation), has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
Right to lodge a complaint with a supervisory authority - a person whose data are processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
Right to object - a person whose data concern has the right at any time to object - for reasons related to his or her particular situation - to processing of his or her personal data based on Article 6 (1) (e) (interest or public tasks) or (f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the Administrator may no longer process these personal data unless he or she demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the person whose data concern, or grounds for establishing, pursuing or defending claims.
Right to object to direct marketing - if personal data are processed for direct marketing purposes, a person whose data concern has the right at any time to object to processing of his or her personal data for such marketing purposes, including profiling, to the extent that processing is related to such direct marketing.
In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator’s address indicated at the beginning of the privacy policy.
COOKIES ON THE WEBSITE AND ANALYTICS
Cookie files (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Website (e.g. on the hard disk of a computer, laptop, or on the memory card of a smartphone - depending on which device the visitor uses our Website). Detailed information about Cookies, as well as the history of their creation can be found, among others here: https://pl.wikipedia.org/wiki/HTTP_cookie.
Cookies that can be sent by the Website can be divided into different types, according to the following criteria:
According to their provider:
1) our own (created by the Website Administrator) and
2) belonging to third parties (other than the Administrator)
According to their storage period on the device of the person visiting the Website:
1) session (stored until leaving the Website or turning off the web browser) and
2) permanent (stored for a specified time, defined by the parameters of each file or until manually deleted)
Based on the purpose of their use:
1) essential (enabling the proper functioning of the Website),
2) functional/preferential (enabling the customization of the Website to the preferences of the person visiting the website),
3) analytical and performance (collecting information about how the Website is used),
4) marketing, advertising and social (collecting information about the person visiting the Website in order to display advertisements to that person, their personalization, measuring effectiveness and conducting other marketing activities, including on websites other than the Website, such as social media platforms or other websites belonging to the same advertising networks as the Website)
The Administrator may process the data contained in the Cookies files when the visitors use the Website for the following specific purposes:
The purpose of using Cookie files
on the Administrator’s Website
remembering data from filled forms (Cookies necessary or/and functional/ preferential)
adjusting the content of the Website to the individual preferences of the user (e.g. regarding colors, font size, page layout) and optimizing the use of the Website (Cookies functional/ preferential)
conducting anonymous statistics showing how the Website is used (Cookies analytical and performance)
Checking in the most popular web browsers, what Cookie files (including the period of functioning of Cookie files and their provider) are sent at a given moment by the Website, is possible in the following way:
In the Chrome browser:
(1) click on the lock icon on the left side of the address bar,
(2) go to the “Cookies” tab.
In the Firefox browser:
(1) click on the shield icon on the left side of the address bar, (2) go to the “Allowed” or “Blocked” tab, (3) click on the box “Cross-site tracking cookies”, “Social media trackers” or “Content with tracking elements”.
In the Internet Explorer browser:
(1) click on the “Tools” menu, (2) go to the “Internet Options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click on the box “View files”.
In the Opera browser:
(1) click on the lock icon on the left side of the address bar, (2) go to the “Cookies” tab.
In the Safari browser:
(1) click the “Preferences” menu, (2) go to the “Privacy” tab, (3) click on the “Manage Website Data” field.
Regardless of the browser, using tools available for example on the website: https://www.cookiemetrix.com/
By default, most web browsers available on the market accept saving Cookies files. Everyone has the option to specify the conditions for using Cookies files using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of saving Cookies files - in the latter case, however, this may affect some functionalities of the Website.
The settings of the web browser in the scope of Cookies files are important from the point of view of consent to the use of Cookies files by our Website - according to the regulations, such consent can also be expressed through the settings of the web browser. Detailed information on how to change the settings regarding Cookies files and their self-removal in the most popular web browsers are available in the help section of the web browser and on the following pages (just click on a link):