PRIVACY POLICY ON THE WEBSITE
1. Definitions
1.1 Controller – BURY spółka z ograniczoną odpowiedzialnością with its registered office in Mielec, ul. Wojska Polskiego 4, 39-300 Mielec.
1.2 Personal data – all information about an individual identified or identifiable by one or more specific factors, including device IP, location data, Internet ID and information collected through cookies and other similar technology.
1.3 Policy – this Privacy Policy.
1.4 GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5 Website – the website maintained by the Controller at the following address www.bury.com.
1.6 User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.
2. Processing of users’ personal data in connection with the use of the Website
In connection with the User’s usage of the Website, the Controller collects data to the extent necessary to provide the particular services offered and information about the User’s activity on the Website. The detailed rules and purposes for processing personal data collected during the User’s use of the Website are described below.
2.1. Cookies
Our Website uses cookies. Cookies are small text files stored on the User’s computer and saved by the User’s browser. Cookies do not harm the User’s computer and do not contain viruses. Cookies make our Website more user-friendly, efficient and secure.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after the User’s visit to our Website ends. Other cookies remain in the device’s memory until the User deletes them. These cookies allow us to recognize your browser when you revisit our Website.
The use of cookies on the Website is not intended to identify Users. The Policy governs the processing of data related to the use of our own cookies.
NECESSARY COOKIES
The Controller uses the necessary cookies primarily to provide Users with the services and functionalities of the Website that the User wants to use.
The Controller can only install the necessary cookies through the Website.
The legal basis for the processing of data in connection with the use of necessary cookies is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR).
FUNCTIONAL AND ANALYTICS COOKIES
Functional cookies are used to remember and customize the Website according to the User’s choices, such as language preferences.
Analytics cookies enable the acquisition of information such as the number of visits and traffic sources on the Website. These are used to determine which pages are more and which are less popular and to understand how Users navigate the site by keeping statistics on Website traffic. Data processing is done to improve the performance of the Website. The information collected by these cookies is aggregated, so they are not intended to reveal User’s identity.
The legal basis for the processing of Personal Data in connection with the use of necessary and analytics cookies by the Controller for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), which is to ensure the highest quality of services provided on the Website.
The processing of Personal Data in connection with functional and analytical cookies is subject to the User’s consent to the use (separately) of functional and analytics cookies through the cookie consent management tools. This consent can be withdrawn at any time through these tools.
MARKETING COOKIES
Marketing cookies are used to track Users on websites. These types of cookies may be used to provide the User with social features in connection with the use of the services of our Social Partners, who may use them for marketing purposes and to track Users’ use of the embedded services. The partners may combine this information with other data received from the User or obtained while using their services and use it for marketing purposes.
The legal basis for the processing of Personal Data in connection with the use of necessary and analytics cookies by the Controller for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), which is to ensure the highest quality of services provided on the Website.
The processing of Personal Data in connection with marketing cookies is possible after obtaining the User’s consent to the use of consent through consent management tools. This consent can be withdrawn at any time through these tools.
2.2. Server Log Files
The Controller automatically collects and stores information that your browser sends to us as “server log files.” These include:
- browser type and version
- operating system used
- reference URL
- hostname of the connecting computer
- the exact date and time of notification by the server
- IP address
The data will not be combined with data from other sources.
The legal basis for the processing of personal data is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of the need to ensure the proper operation of the Website and to analyze the use of the Website by Users.
3. Purposes and legal basis of data processing on the Website
Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
3.1. To provide services electronically in terms of providing Users with access to content collected on the Website – in which case the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) GDPR);
3.2. For analytical and statistical purposes – in which case the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR) consisting in conducting analyses of Users’ activities, as well as their preferences to improve the functionalities used and services provided;
3.3. For marketing purposes – in which case the legal basis of the processing is its legitimate interest of the Controller (Article 6(1)(f) GDPR), which is to provide the highest quality of services provided on the Website.
3.4. For possible establishment and investigation of claims or defence against them – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) to protect their rights.
3.5. The User’s activity on the Website, including their personal data, is recorded in system logs (a special computer program used to keep a chronological record containing information about events and activities concerning the computer system used to provide services by the Controller). The data collected in the logs are processed primarily for purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, to ensure the security of the IT system and the management of this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
3.6. If the User submits questions to the Controller or an entity of the BURY Group via a contact form, we will collect the data entered into the form, including the contact information provided, in order to answer the questions.
To handle a request or answer a question sent via a contact form – the legal basis for processing will be the legitimate interest of the Controller or the BURY Group entity to which the question is directed (Article 6(1)(f) of the GDPR); the legitimate interest is to enable the handling of requests and to provide answers to questions asked by persons interested in the services or products of the Controller or the BURY Group.
4. Period of personal data processing
4.1. The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data are processed for the duration of the service or contract performance, until the withdrawal of the consent given, or until an effective objection is made to the data processing in cases where the legal basis for the data processing is the legitimate interest of the Controller.
4.2. The data processing period may be extended if the processing is necessary for the establishment, investigation or defence of possible claims and only if and to the extent required by law. The data are irreversibly deleted or anonymized at the end of the processing period.
5. User’s rights
5.1. The User has the right: to access the content of the data and to request rectification, deletion, restriction of processing, the right to data portability and the right to object to data processing, as well as the right to lodge a complaint to the supervisory authority in charge of personal data protection.
5.2. To the extent your data is processed based on your consent, you may withdraw it at any time by contacting the Controller at the e-mail address: rodo@bury.com or postal address: ul. Wojska Polskiego 4, 39-300 Mielec.
5.3. The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, as well as – for reasons related to the User’s particular situation – in other cases where the legal basis for data processing is the legitimate interest of the Controller (e.g. in connection with the implementation of analytical and statistical purposes).
5.4. For more information about your rights under the GDPR, please see our BURY Group Data Processing Policy, which you can read here.
6. Recipients of data
6.1. In connection with the performance of services, personal data will be disclosed to external entities, including, in particular, suppliers responsible for the operation of IT systems; entities related to the Controller, including companies in its Capital Group.
6.2. If the User’s consent is obtained, his data may also be made available to other entities for their own purposes, including marketing purposes.
6.3. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, relying on the relevant legal basis and following the provisions of the applicable law.
7. Transfers of data outside the EEA
7.1. The level of protection for personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA only when necessary and with an adequate degree of protection, primarily by:
- Cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued;
- Use of standard contractual clauses issued by the European Commission;
- Application of binding corporate rules approved by the relevant supervisory authority;
7.2. The Controller always informs about the intention to transfer personal data outside the EEA at the collection stage.
8. Security of personal data
8.1. The Controller conducts a risk analysis on an ongoing basis to ensure that personal data is securely processed by the Controller – ensuring, first and foremost, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Controller shall ensure that all operations on personal data are recorded and performed only by authorized employees and associates.
8.2. The Website uses SSL or TLS encryption for security reasons and to protect the personal data and confidential information transmitted, such as queries that are sent by Users. Users can recognize an encrypted connection by changing the address of the page in their browser from “http://” to “https://”, and a padlock icon appears next to it.
If SSL or TLS encryption is activated, third parties will not read the data transmitted.
8.3. In addition, the Company shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide guarantees to apply appropriate security measures whenever they process personal data on behalf of the Company.
9. Contact information
Contact with the Controller is possible through the e-mail address: rodo@bury.com or postal address: Wojska Polskiego 4, 39-300 Mielec, Poland.
10. Changes to the Policy
The policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy was adopted on 1.02.2023.