GDPR Information Obligation

The following information provides a concise, understandable, and clear summary of the details included in the Privacy Policy regarding the Data Controller, the purpose and method of personal data processing, and your rights related to this processing, in the form required to meet the GDPR information obligation. Details regarding the method of processing and the entities involved in this process are available in the mentioned policy.

Who is the Data Controller?

The Data Controller (hereinafter referred to as the “Controller”) is the company “Navitor Poland sp. z o.o.,” operating at the address: al. Marszałka Józefa Piłsudskiego 34, Marki, with the assigned Tax Identification Number (NIP): 1132846993, and the assigned National Court Register Number (KRS): 0000395775. The company provides services electronically via the Website.

How can you contact the Data Controller?

You can contact the Controller in one of the following ways:

  • Postal address: Navitor Poland sp. z o.o., al. Marszałka Józefa Piłsudskiego 34, Marki
  • Email address: info@navitor.pl
  • Phone number: +48 534 567 401
  • Contact form: Available at /contact

Has the Data Controller appointed a Data Protection Officer (DPO)?

Based on Article 37 of GDPR, the Controller has not appointed a Data Protection Officer. For matters related to data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data from, and what are their sources?

The data is obtained from the following sources:

  • From the individuals whose data is processed.
  • In the case of registration using social media, with the expressed, informed consent of these individuals, from those social media platforms.

What is the scope of personal data processed by us?

In the service, only standard personal data provided voluntarily by the individuals is processed (e.g., name, surname, login, email address, phone number, IP address, etc.). The detailed scope of processed data is available in the Privacy Policy.

What are the purposes of processing personal data?

The personal data voluntarily provided by users is processed for one of the following purposes:

  • Providing electronic services:
      • Registration and maintenance of a user account in the service and its related functionalities.
      • Newsletter service (including sending advertising content with consent).
      • Commenting/liking posts in the service without registration.
  • Communication between the Controller and Users on matters related to the service and data protection.
  • Ensuring the legitimate interest of the Controller.

What are the legal bases for processing data?

The service collects and processes users’ data based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation):
      • Article 6(1)(a): The data subject has given consent to the processing of their personal data for one or more specified purposes.
      • Article 6(1)(b): Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
      • Article 6(1)(f): Processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party.
  • The Act of 10 May 2018 on Personal Data Protection (Journal of Laws 2018, item 1000).
  • The Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004, No. 171, item 1800).
  • The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83).

What is the legitimate interest pursued by the Controller?

The legitimate interests pursued by the Controller include:

  • Establishing, exercising, or defending against legal claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR), which includes protecting our rights.
  • Assessing the risks of potential clients.
  • Evaluating planned marketing campaigns.
  • Direct marketing.

For how long do we process personal data?

As a rule, the specified personal data is stored only for as long as the Controller provides the service in question. It is deleted or anonymized within 30 days of the termination of the service (e.g., account deletion, unsubscribing from the newsletter).

In exceptional situations, this period may be extended in order to protect the legitimate interest pursued by the Controller. Where the individual concerned has breached, or is suspected of having breached, the service’s regulations, the Controller will retain the data for no longer than 3 years from the time the user requests its deletion.

Who are the recipients of the data, including personal data?

As a rule, the only recipient of the data is the Controller.

However, data processing may be entrusted to other entities providing services to the Controller for the maintenance of the Service’s operations. Such entities may include:

  • Hosting companies providing hosting or related services to the Controller.
  • Companies through which the newsletter service is provided.

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union unless published as a result of an individual’s action (e.g., submitting a comment or post), which will make the data accessible to anyone visiting the service.

Will personal data be subject to automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have related to the processing of personal data?

  • Right of access to personal data: Users have the right to access their personal data, exercised upon request to the Controller.
  • Right to rectification of personal data: Users have the right to request the immediate rectification of incorrect personal data or the completion of incomplete personal data, exercised upon request to the Controller.
  • Right to erasure of personal data: Users have the right to request the immediate deletion of personal data, exercised upon request to the Controller. For user accounts, deletion means anonymization of data that can identify the user. For the newsletter service, users can delete their personal data by using the link included in every email message.
  • Right to restriction of personal data processing: Users have the right to restrict the processing of personal data in the cases specified in Article 18 of GDPR, such as questioning the accuracy of personal data, exercised upon request to the Controller.
  • Right to data portability: Users have the right to receive personal data concerning them in a structured, commonly used, machine-readable format, exercised upon request to the Controller.
  • Right to object to personal data processing: Users have the right to object to the processing of their personal data in cases specified in Article 21 of GDPR, exercised upon request to the Controller.
  • Right to lodge a complaint: Users have the right to lodge a complaint with the supervisory authority responsible for data protection.