PRIVACY POLICY |
||||
1. | This Privacy Policy sets out the principles of protection of the collection, processing and use of personal data obtained by YACHTSUN LIMITED and the website phillipyachtsuncharter.com (hereinafter referred to as the Website ). | |||
2. | The owner of the Website and at the same time the data administrator is Michał Setlak, running a business under the name YACHTSUN LIMITED with its registered office in Mjini Magharibi-Unguja, West ‘B, Nyamazi, 71215 Unit F 9/2 Fumba Town, Zanzibar, Tanzania, TIN: 167-510-094 , hereinafter referred to as YACHTSUN LIMITED. | |||
3. | Personal data collected by YACHTSUN LIMITED via the Website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR . | |||
4. | YACHTSUN LIMITED takes special care to respect the privacy of customers visiting the Website. | |||
§ 1 Type of data processed, purposes and legal basis | ||||
1. | YACHTSUN LIMITED collects information about natural persons performing legal transactions not directly related to their business, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons and which are granted legal capacity by law, hereinafter collectively referred to as Customers. | |||
2. | Customers’ personal data are collected in the event of: | |||
and) | registering an account on the Website, in order to create an individual account and manage this account. Legal basis : necessity to perform the contract for the provision of the Account service (Article 6(1)(b) of the GDPR); | |||
b) | placing an order on the Website in order to execute the sales contract. Legal basis : necessity to perform the sales contract (Article 6(1)(b) of the GDPR); | |||
c) | using the contact form service on the Website in order to perform a contract provided electronically. Legal basis : necessity to perform the contract for the provision of contact form services (Article 6(1)(b) of the GDPR). | |||
3. | When registering an account on the Website, the Customer provides: | |||
and) | e-mail adress; | |||
c) | first name and last name; | |||
d) | Phone number. | |||
4. | When registering an account on the Website, the Customer independently sets an individual password to access his account. The customer may change the password at a later time, according to the rules described in §5. | |||
5. | When placing an order on the Website, the Customer provides the following data: | |||
and) | e-mail adress; | |||
c) | first name and last name; | |||
d) | Phone number. | |||
6. | In the case of Entrepreneurs, the above scope of data is additionally extended by: | |||
and) | Entrepreneur’s company; | |||
b) | number nip; | |||
c) | REGON number. | |||
7. | If you use the contact form service, the Customer provides the following data: | |||
and) | e-mail adress; | |||
b) | first name and last name. | |||
8. | When using the Website, additional information may be downloaded, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type. | |||
9. | Navigational data may also be collected from Customers, including information about links and references they decide to click or other activities undertaken on the Website. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and in improving the functionality of these services. | |||
10. | In order to determine, pursue and enforce claims, some personal data provided by the Customer as part of using the functionalities on the Website may be processed, such as: name, surname, data regarding the use of services, if the claims result from the way in which the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities. | |||
11. | The transfer of personal data to YACHTSUN LIMITED is voluntary in connection with concluded sales contracts or the provision of services via the Website, provided, however, that failure to provide the data specified in the forms in the Registration process makes it impossible to Register and set up a Customer Account, and in the case of placing an order without registering a Customer Account will make it impossible to place and process the Customer’s order. | |||
§ 2 Who is the data shared or entrusted with and how long is it stored? | ||||
1. | The Customer’s personal data is transferred to service providers used by YACHTSUN LIMITED to run the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to YACHTSUN LIMITED’s instructions regarding the purposes and methods of processing this data (processors) or independently determine the purposes and methods of their processing (administrators). | |||
and) | Processors . YACHTSUN LIMITED uses suppliers who process personal data only on instructions from YACHTSUN LIMITED. These include, among others: suppliers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns; | |||
b) | Administrators . YACHTSUN LIMITED uses suppliers who do not act solely on instructions and determine the purposes and methods of using Customers’ personal data themselves. They provide electronic payment and banking services. | |||
2. | Location . Service providers are based in Poland and other countries of the European Economic Area (EEA). | |||
3. | Customers’ personal data are stored: | |||
and) | If the basis for the processing of personal data is consent, then the Customer’s personal data are processed by YACHTSUN LIMITED until the consent is revoked, and after the consent is withdrawn, for a period of time corresponding to the limitation period for claims that may be raised by YACHTSUN LIMITED and that may be raised against him. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years. | |||
b) | If the basis for data processing is the performance of a contract, then the Customer’s personal data are processed by YACHTSUN LIMITED for as long as it is necessary to perform the contract, and after that for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years. | |||
4. | If you make a purchase on the Website, personal data may be transferred, depending on the Customer’s choice, to the following entities in order to provide the ordered services: | |||
and) | YACHTSUN based in Poznan (61-741), ul. 23 Lutego 11/P6, providing tourist services. | |||
5. | If the Customer chooses to pay via the PayPal system, his or her personal data is transferred to the extent necessary to process the payment to PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulavard Royal L-2449 Luksemburg | |||
6. | Navigation data may be used to provide Customers with better service, analyze statistical data and adapt the Website to Customer preferences, as well as administer the Website. | |||
7. | In the event of a request, YACHTSUN LIMITED provides personal data to authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications. | |||
§ 3 Cookie mechanism, IP address | ||||
1. | The website uses small files called cookies. They are saved by YACHTSUN LIMITED on the end device of the person visiting the Website, if the web browser allows it. A cookie usually contains the name of the domain it comes from, its “expiration time” and an individual, randomly selected number identifying the file. Information collected using this type of files helps adapt the products offered by YACHTSUN LIMITED to the individual preferences and real needs of people visiting the Website. They also provide the opportunity to develop general statistics of visits to the presented products on the Website. | |||
2. | YACHTSUN LIMITED uses two types of cookies: | |||
and) | Session cookies : after ending the browser session or turning off the computer, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from Customers’ computers. | |||
b) | Persistent cookies : are stored in the memory of the Customer’s end device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow downloading any personal data or any confidential information from the Customer’s computer. | |||
3. | YACHTSUN LIMITED uses its own cookies to: | |||
and) | authenticating the Client on the Website and ensuring the Client’s session on the Website (after logging in), thanks to which the Client does not have to re-enter the login and password on each subpage of the Website; | |||
b) | analysis and research as well as audience audit, in particular to create anonymous statistics that help understand how Customers use the Website, which allows improving its structure and content. | |||
4. | YACHTSUN LIMITED uses external cookies to: | |||
and) | popularizing the Website using the social networking site facebook.com (external cookie administrator: Facebook Inc based in the USA); | |||
b) | collecting general and anonymous static data via Google Analytics analytical tools (external cookie administrator: Google Inc based in the USA); | |||
5. | The cookie mechanism is safe for the computers of the Website’s customers. In particular, this way it is not possible for viruses or other unwanted software or malware to reach the Customer’s computers. However, in their browsers, customers have the option of limiting or disabling access to cookies on their computers. If you use this option, you will be able to use the Website, except for functions that by their nature require cookies. | |||
6. | Below we present how you can change the settings of popular web browsers regarding the use of cookies: | |||
and) | Internet Explorer browser ; | |||
b) | Microsoft EDGE browser ; | |||
c) | Mozilla Firefox browser ; | |||
d) | Chrome browser ; | |||
e) | Safari browser ; | |||
f) | Opera browser . | |||
7. | YACHTSUN LIMITED may collect Customers’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Website by the Internet service provider. The IP number allows you to access the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes every time you connect to the Internet. The IP address is used by YACHTSUN LIMITED when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we receive the most visits), as information useful in administering and improving the Website, as well as for security purposes and possible identification of those that burden the server, unwanted automatic programs for viewing the content of the Website. | |||
8. | The website contains links and references to other websites. YACHTSUN LIMITED is not responsible for their privacy policies. | |||
§ 4 Rights of data subjects | ||||
1. | The right to withdraw consent – legal basis: art. 7 section 3 GDPR. | |||
and) | The client has the right to withdraw any consent given to YACHTSUN LIMITED. | |||
b) | Withdrawal of consent takes effect from the moment of withdrawal. | |||
c) | Withdrawal of consent does not affect the processing carried out by YACHTSUN LIMITED in accordance with the law before its withdrawal. | |||
d) | Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities that, according to the law, YACHTSUN LIMITED can only provide with consent. | |||
2. | The right to object to data processing – legal basis: art. 21 GDPR. | |||
and) | The customer has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if YACHTSUN LIMITED processes his data based on a legitimate interest, e.g. marketing of YACHTSUN LIMITED products and services, conducting statistics on the use of individual functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys. | |||
b) | Resignation by e-mail from receiving marketing messages regarding products or services will mean the Customer’s objection to the processing of his personal data, including profiling for these purposes. | |||
c) | If the Customer’s objection turns out to be justified and YACHTSUN LIMITED has no other legal basis for processing personal data, the Customer’s personal data will be deleted, to the processing of which the Customer has objected. | |||
3. | The right to delete data (“right to be forgotten”) – legal basis: art. 17 GDPR. | |||
and) | The customer has the right to request the deletion of all or some personal data. | |||
b) | The customer has the right to request the deletion of personal data if: | |||
and. | the personal data are no longer necessary in relation to the purposes for which they were collected or processed; | |||
b. | withdrew specific consent, to the extent that personal data were processed based on his consent; | |||
c. | has objected to the use of his data for marketing purposes; | |||
d. | personal data are processed unlawfully; | |||
e. | personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which YACHTSUN LIMITED is subject; | |||
f. | the personal data were collected in connection with the offering of information society services. | |||
c) | Despite the request to delete personal data, in connection with raising an objection or withdrawing consent, YACHTSUN LIMITED may retain certain personal data to the extent that processing is necessary for the establishment, exercise or defense of claims, as well as for the fulfillment of a legal obligation requiring processing under Union law or the law of the Member State to which YACHTSUN LIMITED is subject. This applies in particular to personal data including: name, surname, e-mail address, which data is retained for the purposes of considering complaints and claims related to the use of YACHTSUN LIMITED services, or additionally the residential address/correspondence address, order number, which the data is retained for the purpose of considering complaints and claims related to concluded sales contracts or the provision of services. | |||
4. | The right to limit data processing – legal basis: art. 18 GDPR. | |||
and) | The customer has the right to request restriction of the processing of his personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. YACHTSUN LIMITED will not send any messages, including marketing ones. | |||
b) | The customer has the right to request restriction of the use of personal data in the following cases: | |||
and. | when you question the accuracy of your personal data – then YACHTSUN LIMITED limits their use for the time needed to check the accuracy of the data, but no longer than 7 days; | |||
b. | when the data processing is unlawful and instead of deleting the data, the Customer requests restriction of their use; | |||
c. | when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Client to establish, pursue or defend claims; | |||
d. | when he has objected to the use of his data – then the limitation is for the time needed to consider whether – due to the special situation – the protection of the interests, rights and freedoms of the Customer outweighs the interests pursued by the Administrator by processing the Customer’s personal data. | |||
5. | Right to access data – legal basis: art. 15 GDPR. | |||
and) | The Customer has the right to obtain from the Administrator confirmation whether he or she processes personal data, and if this is the case, the Customer has the right to: | |||
and. | access your personal data; | |||
b. | obtain information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of the Customer’s data or about the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer under the GDPR, and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the safeguards used in connection with the transfer of this data outside the European Union; | |||
c. | obtain a copy of your personal data. | |||
6. | The right to rectify data – legal basis: art. 16 GDPR. | |||
and) | The Customer has the right to request the Administrator to immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request that incomplete personal data be completed, including by submitting an additional statement, sending the request to the e-mail address in accordance with §6 of the Privacy Policy. | |||
7. | The right to transfer data – legal basis: art. 20 GDPR. | |||
and) | The Customer has the right to receive his personal data that he provided to the Administrator and then send them to another personal data administrator of his choice. The Customer also has the right to request that personal data be sent by the Administrator directly to such an administrator, if technically possible. In such a case, the Administrator will send the Customer’s personal data in the form of a file in the CSV format, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator. | |||
8. | If the Customer exercises the rights arising from the above rights, YACHTSUN LIMITED shall comply with the request or refuse to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – YACHTSUN LIMITED will not be able to meet the request within a month, it will meet it within the next two months by informing the Customer within one month of receiving the request – about the intended extension of the deadline and its reasons. | |||
9. | The Customer may submit to the Administrator complaints, inquiries and requests regarding the processing of his personal data and the exercise of his rights. | |||
10. | The customer has the right to request that YACHTSUN LIMITED provide a copy of standard contractual clauses by directing the inquiry in the manner indicated in §6 of the Privacy Policy. | |||
11. | The customer has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding a violation of his rights to the protection of personal data or other rights granted under the GDPR. | |||
§ 5 Security management – password | ||||
1. | YACHTSUN LIMITED provides Customers with a secure and encrypted connection when sending personal data and when logging in to the Customer Account on the Website. YACHTSUN LIMITED uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data transmitted via the Internet. | |||
2. | If the Customer who has an account on the Website has lost the access password in any way, the Website allows generating a new password. YACHTSUN LIMITED does not send password reminders. The password is stored in an encrypted form, making it impossible to read. To generate a new password, please provide your e-mail address in the form available under the “Remind password” link provided next to the account login form on the Website. The Customer will receive an e-mail to the e-mail address provided during registration or saved in the last change of the account profile, containing a redirection to a dedicated form available on the Website, where the Customer will be able to set a new password. | |||
3. | YACHTSUN LIMITED never sends any correspondence, including electronic correspondence, asking for login details, in particular the access password to the Customer’s account. | |||
§ 6 Changes to the Privacy Policy | ||||
1. | The Privacy Policy may change, of which YACHTSUN LIMITED will inform Customers 7 days in advance. | |||
2. | Please send questions regarding the Privacy Policy to: office@phillipyachtsuncharter.com | |||
3. | Date last modified: 01/09/2023 |