Privacy Policy

Privacy policy and information on how we protect the personal data of website users

Article 1. Administrator 

  1. The administrator of personal data is Good One PR sp. z o.o. with its registered office in Warsaw, ul. Edwarda Jelinka 38; 01-646 Warsaw, tax identification number (NIP): 525-28953-06; National Court Register (KRS) number: 0000952410.
  2. (hereinafter referred to as the "Administrator"), which attaches great importance to the protection of privacy and confidentiality of personal data of its Customers and other individuals whose data is processed by the Administrator (hereinafter referred to as "Users").
  3. The Administrator can be contacted in writing by sending correspondence to the Administrator's registered office, by e-mail at: kontakt@goodone.co or by completing the contact form available on the Administrator's website.
  4. The administrator has not appointed a Data Protection Officer.

Article 2. Principles of personal data processing

  1. The administrator processes personal data to the minimum extent necessary to achieve the purposes of their processing, as clearly defined in this Privacy Policy.
  2. The Administrator shall select and apply appropriate technical and organisational measures to ensure the protection of personal data being processed with due diligence. Only persons duly authorised by the Administrator shall have full access to the databases.
  3. The controller protects personal data against unauthorised access and processing in violation of applicable law. When processing personal data, the controller uses solutions tailored to the scale and nature of the processing, ensuring the highest level of protection for data subjects through both technological and organisational measures.
  4. The following personal data will be processed: name and surname, e-mail address, telephone number.

Article 3. Basis for processing personal data

  1. The personal data provided by the User is processed in accordance with this Privacy Policy and applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC of 27 April 2016 ("GDPR").
  2. Providing personal data is voluntary, but failure to do so will make it impossible to conclude and perform the contract, send an enquiry or perform the requested actions.
  3. The basis for processing personal data is:
  • 6(1)(a) of the GDPR – with regard to personal data obtained with consent, under the conditions specified in Article 7 of the GDPR;
  • 6(1)(b) of the GDPR – with regard to data provided voluntarily for the purpose of responding to any enquiries or requests and conducting further correspondence or contact prior to the conclusion of a contract, as well as the preparation and performance of a contract between the User and the Controller or an entity to which the Controller entrusts the performance of the contract.

Providing data is voluntary, but necessary for the performance of the Agreement or correspondence with the Controller.

  • 6(1)(f) of the GDPR – in relation to data processed in connection with the pursuit of the Controller's legitimate interests.
  1. The Administrator may process third-party data provided by Users for the purpose of or in connection with the provision of services by the Administrator. By providing the Administrator with third-party data, the User declares each time that they have the appropriate consent of third parties to transfer their data to the Administrator.
  2. In the event of a change in the personal data referred to in this Privacy Policy, the User shall immediately inform the Administrator in order to update their personal data.
  3. The Administrator does not use profiling in relation to Users within the meaning of Article 4(4) of the GDPR.

Article 4. Period of personal data processing

User Data will be stored for no longer than necessary, i.e.:

  • in the scope of correspondence – personal data will be stored for the period necessary to handle the enquiry, i.e. the duration of correspondence justified by the type of enquiry (but not longer than 6 months from the date of completion of correspondence).
  • in relation to the performance of the contract – until the contract has been completed, and thereafter for the period required by law or for the purpose of pursuing any claims that may be raised by the Controller or against the Controller;
  • in relation to fulfilling the legal obligation incumbent on the Controller – until it is fulfilled;
  • in the scope of the pursuit of legitimate interests by the Controller or by a third party – until their fulfilment or until the User objects to the processing of personal data, unless there are legitimate grounds for further processing;
  • in the scope of processing carried out solely on the basis of consent – until the data is immediately deleted, carried out on the basis of a request submitted by the User.

Article 5. User Rights

  1. In connection with the processing of personal data by the Administrator, the User has the right to:
  2. request access to personal data – Article 15;

Upon the User’s request for access to their data, the Administrator shall inform the User whether their data is being processed, provide the User with details of the processing in accordance with the GDPR, and grant the User access to their data. Access to the data shall be provided by sending a copy of the data electronically. In the event of a request for another copy of the data in paper form, the Administrator has the right to charge the User with the costs associated with preparing it in such a form and sending it in accordance with Article 15(3) of the GDPR.

  1. the right to rectify personal data – Article 16 of the GDPR;

The administrator shall correct incorrect data at the User’s request.

  1. the right to request the erasure of personal data – Article 17 of the GDPR;

This right applies to the extent that the deletion of data does not conflict with the regulations applicable to the Controller.

  1. the right to restrict data processing – Article 18 of the GDPR;

This right applies to the extent that the Controller may restrict the processing of personal data in the context of the regulations binding on it and to the extent that it does not infringe upon the Controller’s right to pursue its claims against the User.

  1. data portability – Article 20 of the GDPR;

At the User’s request, the Administrator shall issue, in a structured, commonly used, machine-readable format, or transfer to another entity, if possible, data concerning the User who provided it for the purpose of concluding or performing the Agreement or which is processed on the basis of consent.

  1. object to processing – Article 21 of the GDPR;

If the User raises an objection to the processing of their data on grounds relating to their particular situation and the data is processed by the Controller on the basis of the Controller’s legitimate interest, the Controller shall take the objection into account, unless there are legally justified grounds for processing on the part of the Controller that override the interests, rights and freedoms of the person raising the objection, or grounds for establishing, pursuing or defending claims.

  1. withdrawal of consent to data processing, without affecting the lawfulness of processing based on consent before its withdrawal – Article 7(3) of the GDPR;
  2. lodge a complaint with a supervisory authority – Article 77 of the GDPR.
  3. If the Administrator is unable to determine the content of the request or identify the person exercising the above rights on the basis of the notification made, they will ask the applicant for additional information.
  4. A response to the request will be provided within one month of receipt at the latest. If it is necessary to extend this period, the Controller will inform the applicant of the reasons for the extension.

Article 6. Sharing of personal data

  1. Personal data will only be made available to authorised entities, i.e. authorised employees of the Administrator and other persons acting on behalf of the Administrator, as well as other entities authorised to receive User data on the basis of relevant legal provisions, and entities providing services to the IT Administrator. Users' personal data may be transferred to other entities – in cases not specified by the Administrator or legal provisions – only with the User's consent.
  2. The Administrator undertakes not to transfer Users' personal data to third countries or international organisations.
  3. The Administrator shall oblige all entities to whom it entrusts the User's personal data to implement appropriate security measures for such data.

Article 7. Cookies

  1. The diea.pl website (the "Website") uses IT data stored on the end devices of Website users, i.e. in particular text files containing, among other things, the name of the website from which they originate, the time they are stored on the end device and a unique number ("Cookies").
  2. Pursuant to Article 173(1) of the Telecommunications Law of 16 July 2004 (Journal of Laws of 2021, item 576), the Administrator hereby informs that:
  3. Cookies are used on the Website to facilitate its use, allow the content available on the Website to be tailored to the individual needs and preferences of Website users, and to compile general statistics on the use of the Website.
  4. Personal data collected using cookies is gathered solely for the purpose of performing specific functions for users and is encrypted in such a way as to prevent unauthorised access.
  5. The Website user may consent to the use of cookies by adjusting the settings in their web browser (in particular, by enabling or disabling cookies).
  6. The Website user may change their cookie settings at any time – detailed information about the possibilities and methods of handling cookies is available in the software (web browser) settings. Examples of options for editing settings in popular browsers: