This Privacy Policy outlines the rules for storing and accessing data on Users’ Devices using the Service for the purposes of providing electronic services by the Administrator, as well as the rules for collecting and processing personal data of Users, which they personally and voluntarily provided via tools available on the Service.
This Privacy Policy is an integral part of the Service Regulations that define the rights and obligations of Users using the Service.
§1 Definitions
- Service: the website “Navitor.pl” operating under the address https://navitor.pl.
- External Service: external websites of partners, service providers, or clients cooperating with the Administrator.
- Service/Data Administrator: The Administrator of the Service and Data (hereinafter referred to as the Administrator) is “Navitor Poland sp. z o.o.” with its business address at: al. Marszałka Józefa Piłsudskiego 34, 05-270 Marki, VAT number (NIP): PL1132846993, KRS number: 0000395775, providing electronic services through the Service.
- User: a natural person for whom the Administrator provides services electronically via the Service.
- Device: electronic device along with software through which the User gains access to the Service.
- Cookies: text data collected in the form of files placed on the User’s Device.
- GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
- Personal data: information about an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
- Processing: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction.
- Restriction of processing: marking stored personal data to limit their future processing.
- Profiling: any form of automated processing of personal data, consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
- Consent: consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
- Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
- Pseudonymization: processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Anonymization: the irreversible process of data operations that destroys or modifies “personal data,” preventing the identification or linking of a given record to a specific user or natural person.
§2 Data Protection Officer
Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.
For matters related to data processing, including personal data, contact the Administrator directly.
§3 Types of Cookies
- Internal cookies: files placed and read from the User’s Device by the Service’s IT system.
- External cookies: files placed and read from the User’s Device by IT systems of external Services. Scripts of external Services that may place cookies on the User’s Devices were intentionally placed on the Service through scripts and services provided and installed on the Service.
- Session cookies: files placed and read from the User’s Device by the Service during one session of the Device. After the session ends, the files are deleted from the User’s Device.
- Persistent cookies: files placed and read from the User’s Device by the Service until manually deleted. The files are not automatically deleted after the session ends unless the User’s Device settings are configured to delete cookies after the session ends.
§4 Data Storage Security
Mechanisms for storing and reading cookies: The mechanisms for storing, reading, and exchanging data between cookies stored on the User’s Device and the Service are carried out through built-in web browser mechanisms and do not allow the retrieval of other data from the User’s Device or from other websites visited by the User, including personal data or confidential information. It is also practically impossible to transmit viruses, trojans, or other worms to the User’s Device.
Internal cookies: The cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could endanger the security of personal data or the security of the Device used by the User.
External cookies: The Administrator takes all possible steps to verify and select Service partners with regard to User security. The Administrator selects well-known, large partners with global social trust. However, the Administrator does not have full control over the content of cookies from external partners. The Administrator is not responsible for the security of cookies, their content, or their proper use under the license by scripts installed in the Service from external services, as far as the law permits. The list of partners is included later in the Privacy Policy.
Control of cookies: The User can independently change the settings for saving, deleting, and accessing cookie data for any website at any time.
§5 Purposes for which cookies are used
Cookies are used for the following purposes:
- To improve and facilitate access to the Service;
- To personalize the Service for Users;
- For marketing and remarketing in external services;
- To provide statistics (users, number of visits, types of devices, connections, etc.);
- To provide multimedia services;
- To provide social media services.
§6 Purposes of Processing Personal Data
Personal data voluntarily provided by Users are processed for one of the following purposes:
- To provide electronic services:
- Newsletter service (including sending advertising content with consent);
- Service of sharing information about the content posted on the Service via social media or other websites;
- Communication between the Administrator and the Users regarding the Service and data protection;
- To ensure the legitimate interests of the Administrator.
Data collected automatically and anonymously about Users is processed for one of the following purposes:
- To maintain statistics;
- For remarketing;
- To ensure the legitimate interests of the Administrator.
§7 External Service Cookies
The Administrator uses JavaScript scripts and web components of partners in the Service that may place their own cookies on the User’s Device. Users can decide in their browser settings which cookies are allowed to be used by specific websites. Below is a list of partners or services implemented in the Service that may place cookies:
Multimedia services:
- YouTube
Social media / combined services (Registration, Login, content sharing, communication, etc.):
- Google+
Content sharing services:
Newsletter services:
- Freshmail
- MailChimp
Statistical services:
- Google Analytics
- WordPress Stats (Automattic Inc.)
- Facebook Analytics for Apps
Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, data processing goals, and methods of cookie use at any time.
§8 Types of Data Collected
The Service collects data about Users. Some data is collected automatically and anonymously, and some data is personal data provided voluntarily by Users when subscribing to the services offered by the Service.
Data collected automatically and anonymously:
- IP address;
- Browser type;
- Screen resolution;
- Approximate location;
- Pages visited within the Service;
- Time spent on a given page;
- Operating system type;
- Referrer address;
- Browser language;
- Internet connection speed;
- Internet Service Provider.
Data collected during registration:
- Email address;
- IP address (collected automatically).
Data collected when subscribing to the Newsletter service:
- Name / surname / nickname;
- Email address;
- IP address (collected automatically).
Data collected when posting a comment:
- Name and surname / nickname;
- Email address;
- Website address;
- IP address (collected automatically).
Some data (excluding identifying data) may be stored in cookies. Some data (excluding identifying data) may be shared with the provider of statistical services.
§9 Access to Personal Data by Third Parties
As a rule, the only recipient of the personal data provided by Users is the Administrator. Data collected within the framework of the provided services are not shared or sold to third parties.
Access to data (most often based on a data processing agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the Service, including:
- Hosting companies providing hosting services or related services for the Administrator;
- Companies through which the Newsletter service is provided;
- IT service and support companies responsible for maintaining the IT infrastructure.
Entrusting the processing of personal data – Newsletter:
The Administrator uses the services of third parties – the services Freshmail and MailChimp – to provide the Newsletter service. Data entered in the Newsletter subscription form is forwarded, stored, and processed in the external services of these providers.
§10 Processing of Personal Data
Personal data voluntarily provided by Users:
- Personal data will not be transferred outside the European Union unless it was published as a result of the User’s individual actions (e.g., posting a comment or entry), which makes the data available to any visitor of the Service.
- Personal data will not be used for automated decision-making (profiling).
- Personal data will not be sold to third parties.
Anonymized data (without personal data) collected automatically:
- Anonymized data will be transferred outside the European Union.
- Anonymized data will not be used for automated decision-making (profiling).
- Anonymized data will not be sold to third parties.
§11 Legal Grounds for Processing Personal Data
The Service collects and processes Users’ data based on:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation):
- Article 6(1)(a): The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Article 6(1)(b): Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject before entering into a contract.
- Article 6(1)(f): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
- The Personal Data Protection Act of May 10, 2018.
- The Telecommunications Law of July 16, 2004.
- The Copyright Act of February 4, 1994.
§12 Period of Personal Data Processing
Personal data voluntarily provided by Users:
- As a rule, personal data is stored only for the duration of the Service provided by the Administrator. They are deleted or anonymized within 30 days of the termination of the services (e.g., deletion of a registered user account, unsubscription from the Newsletter).
- An exception is made for situations that require the protection of the legitimate interests of the Administrator. In such cases, the Administrator will store the data from the time of the request for their deletion for no longer than 3 years in the case of violation or suspicion of violating the Service’s regulations by the User.
Anonymized data (without personal data) collected automatically:
- Anonymized statistical data not constituting personal data is stored by the Administrator for an indefinite period for the purpose of maintaining Service statistics.
§13 Users’ Rights Related to Personal Data Processing
The Service collects and processes Users’ data based on the following rights:
- Right of access to personal data: Users have the right to access their personal data by submitting a request to the Administrator.
- Right to rectify personal data: Users have the right to request immediate rectification of incorrect personal data or completion of incomplete personal data by submitting a request to the Administrator.
- Right to delete personal data: Users have the right to request immediate deletion of personal data by submitting a request to the Administrator. In the case of user accounts, the deletion of data involves the anonymization of data that allows the User to be identified. The Administrator reserves the right to suspend the execution of the request to delete data in order to protect the legitimate interest of the Administrator (e.g., if the User has violated the Service’s regulations or if the data was obtained as a result of ongoing correspondence). In the case of the Newsletter service, Users have the option to delete their personal data themselves using the link provided in every email message.
- Right to restrict the processing of personal data: Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, e.g., questioning the correctness of personal data, by submitting a request to the Administrator.
- Right to data portability: Users have the right to obtain personal data concerning them in a structured, commonly used, machine-readable format by submitting a request to the Administrator.
- Right to object to the processing of personal data: Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR by submitting a request to the Administrator.
- Right to lodge a complaint: Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.
§14 Contact Information for the Administrator
You can contact the Administrator in one of the following ways:
- Postal address: Navitor Poland sp. z o.o., al. Marszałka Józefa Piłsudskiego 34, 05-270 Marki, Poland
- Email address: info@navitor.pl
- Phone number: +48 728 448 408
- Contact form: available at the address: /contact
§15 Service Requirements
- Limiting the ability to save and access cookies on the User’s Device may cause some features of the Service to malfunction.
- The Administrator is not responsible for any malfunctioning features of the Service if the User restricts the possibility of saving and reading cookies in any way.
§16 External Links
The Service – in articles, posts, entries, or User comments – may contain links to external websites with which the Service Owner does not cooperate. These links and the pages or files they direct to may pose a threat to your Device or the security of your data. The Administrator is not responsible for the content found outside the Service.
§17 Changes to the Privacy Policy
- The Administrator reserves the right to make any changes to this Privacy Policy without informing the Users about it in relation to the use and handling of anonymous data or the use of cookies.
- The Administrator reserves the right to make any changes to this Privacy Policy regarding the processing of Personal Data, about which the Users who have user accounts or are subscribed to the newsletter will be informed via email within 7 days from the change. Continued use of the services indicates familiarity with and acceptance of the introduced changes to the Privacy Policy. If the User does not agree with the introduced changes, they are obliged to delete their account from the Service or unsubscribe from the newsletter.
- Changes to the Privacy Policy will be published on this subpage of the Service.
- The changes take effect at the moment of their publication.