- This Privacy Policy (hereinafter “Policy”) has been created and implemented by ESOTIQ & HENDERSON S.A. with its registered office in Gdańsk, address: ul. Budowlanych 31C, 80-298 Gdańsk, a company registered in the National Court Register maintained by the District Court Gdańsk-Północ in Gdańsk, 7th Economic Department of the National Court Register under the registration number KRS 0000370553, Tax Identification Number (NIP): 583-311-72-20, National Business Registry Number (REGON): 221133543 (hereinafter referred to as the “Company”). In cases involving the collection (processing) of personal data, the data controller under the GDPR is the Company as described in the preceding sentence. The above contact details can also be used to get in touch with the Data Protection Officer (hereinafter “DPO”). The DPO can also be contacted electronically at the email address: iod@esotiq.com.
- The term “GDPR” shall refer to: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR.”
- The term “User” shall mean any individual who uses the website www.esotiqhenderson.com (hereinafter referred to as the “Website”).
- In case of any doubts or discrepancies between the Policy and consents provided by an individual, regardless of the provisions of the Policy, the Company shall always rely on voluntarily granted consents or legal regulations for decision-making and determination of the scope of actions. In the event of such a conflict between the Policy and the content of informational clauses provided by the Company during the collection of personal data, the information that the User should follow is the one provided to them within the framework of said informational clauses.
- By using the Website, its User remains anonymous as long as they wish, provided their internet browser is appropriately configured. User’s personal data may be provided in case of newsletter subscription or completion of a contact form.
- The User can give consent to receive commercial information electronically (hereinafter “NEWSLETTER”), and the processing of their personal data: email address, first name, last name, for the purpose of sending the NEWSLETTER. Within the consent obtained from the User, the Company may send newsletters and information about promotions and new content published on the Website to the email address provided by the User.
Information about Personal Data Protection
- The administrator of your personal data is ESOTIQ & HENDERSON S.A., with its registered office in Gdańsk, address: ul. Budowlanych 31C, 80-298 Gdańsk, registered in the records of the District Court Gdańsk-Północ in Gdańsk, 7th Economic Department of the National Court Register (KRS), registration number KRS 0000370553, Tax Identification Number (NIP): 583-311-72-20, National Business Registry Number (REGON): 221133543, hereinafter referred to as the “Personal Data Administrator” or simply “PDA.”
- The Personal Data Administrator collects your personal data (email address, first name, last name) obtained when you provide consent for the NEWSLETTER (“personal data”):
- We collect your personal data for the following purposes:
- to inform you about marketing activities and send commercial information (NEWSLETTER);
- to send you commercial information electronically (via email);
- to send you information about promotions and new content published on the Website electronically (via email).
- The Personal Data Administrator may disclose personal data to the following third parties for the purposes outlined in this document:
- To its employees, for the purpose of carrying out activities related to the distribution of the NEWSLETTER – after the employees have been acquainted with the principles of personal data security, and primarily after familiarizing themselves with the Personal Data Security Policy in force at ESOTIQ & HENDERSON S.A. based in Gdańsk.
- To entities with which the PDA has a cooperation agreement (“Data Processors”) for the purpose of implementing the NEWSLETTER’s objectives. Specifically, the PDA may provide your personal data to entities such as accounting service providers, postal and courier companies, enterprises with which we collaborate for marketing services, and enterprises with which we collaborate for IT services. Such entities will be obligated, through agreements concluded with the PDA, to apply appropriate security measures, technical and organizational, to protect personal data and to process it only in accordance with legal regulations.
- To supervisory authorities, government bodies, and other third parties; when necessary for the achievement of the aforementioned purposes and for fulfilling legal obligations, personal data may be disclosed to supervisory authorities, courts, and other governmental bodies (such as tax authorities and law enforcement agencies), independent external advisors (such as auditors), or service providers.
- The PDA undertakes to implement appropriate security measures, both technical and organizational, to protect your personal data. Personal data will be stored by the PDA and/or Data Processors only for the period necessary to achieve the purposes for which the data is collected.
- You have rights regarding the protection of personal data. According to the applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority (i.e., the President of the Personal Data Protection Office or the authority succeeding it).
- In addition, you have the right to:
- Request access to personal data; the individual to whom the data pertains is entitled to obtain confirmation from the PDA as to whether personal data concerning them is being processed, and if so, they have the right to access that data. Upon request, the PDA will provide you with a copy of your processed personal data. For any subsequent copies you request, the PDA may charge a reasonable fee based on administrative costs.
- Request correction of personal data; you have the right to request the correction of your personal data that is inaccurate. Considering the purposes of processing, you have the right to request the completion of incomplete personal data, including by providing an additional statement.
- Request erasure of personal data (“right to be forgotten”); you have the right to request the immediate erasure of your personal data, provided the circumstances required by law are met, and the PDA has an obligation to promptly erase such personal data.
- Request restriction of processing your personal data; in this case, upon your request, the PDA will identify such personal data, and its processing may be limited only to specific purposes.
- Request the transfer of personal data; under certain conditions, you have the right to receive your personal data concerning you, processed by the PDA, in a structured, commonly used, machine-readable format, and you have the right to transmit this personal data to another controller.
- Object; in certain circumstances, you have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data. The PDA may be obligated to cease processing such personal data in such cases.
- Furthermore, we inform you that:
- Your personal data is processed based on your voluntary consent given when subscribing to the NEWSLETTER.
- The consent you have provided for processing personal data remains valid. You have the right to withdraw it at any time.
- The PDA does not process sensitive data.
- Personal data is processed solely for the purpose of sending marketing information through the ESOTIQ & HENDERSON NEWSLETTER.
- The PDA does not transfer personal data beyond the borders of the European Union and the European Economic Area countries (Norway, Iceland, and Liechtenstein) and Switzerland. However, in the course of the Company’s use of tools that support its ongoing activities provided, for example, by Google, the User’s personal data may be transferred to a country outside the European Economic Area, particularly to the United States of America (USA) or another country where the cooperating entity maintains tools for processing personal data in collaboration with the Company. Appropriate safeguards for the transferred personal data have been ensured by the Company through the use of standard data protection clauses adopted in data processing agreements, which comply with the requirements of the GDPR. In the case of data transfers from Europe to the USA, certain entities located there may additionally provide an adequate level of data protection under the so-called Privacy Shield program (more information on this topic is available at: https://www.privacyshield.gov/).
- The PDA provides you with the right to access the content of your personal data and the right to rectify, erase, restrict processing, data portability, the right to object to processing, and the right to withdraw consent at any time.
- If you have any questions regarding personal data or the exercise of privacy rights, please contact the Data Protection Officer appointed by the PDA. Below, we provide you with the contact details of the Data Protection Officer: email address: iod@esotiq.com.”
- After reviewing the above information, the User – in order to effectively subscribe to the NEWSLETTER – gives consent for the processing of personal data in accordance with the purposes stated in the above information. Additionally, the User separately gives consent to receive commercial information to their email address electronically. Until the User gives consent in both fields, the Company will not process their email address or send commercial information to that address electronically.
- The User can cancel the receipt of commercial information at any time by sending an email to the address biuro@esotiq.com or by using the “click here to unsubscribe” link in the content of the received commercial email, expressing the intention to unsubscribe from receiving commercial information, or by opting out from receiving commercial information through the Newsletter. Unsubscribing is synonymous with requesting the deletion of the User’s personal data (email address).
- In the event of the User providing additional consent, data obtained based on the User’s online activities using technologies such as cookies may also be processed by the Company’s partners.
- The company takes special care to protect the interests of individuals whose data is involved, and in particular ensures that the data collected by it is:
- Processed lawfully, fairly, and in a transparent manner with regard to the data subject;
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
- Possible purposes of processing Users’ personal data by the Company include, in particular:
- Presenting advertisements, offers, or promotions concerning products or services of the Company and its partners, intended for all recipients, especially for the purpose of providing the Newsletter service;
- Evaluating and analyzing the activity and information about the User, including within the scope of automated personal data processing (profiling), for the purpose of presenting general advertisements, offers, or promotions (discounts) concerning products or services of the Company and its partners, tailored to the interests of the specific User (without significantly affecting their decisions), as well as market and statistical analysis;
- Pursuing claims and defending against claims, including claims from third parties;
- Fulfilling legal obligations arising from regulations, e.g., tax and accounting, especially in the case of paid agreements;
- Corresponding with Users, including responding to User messages.
- The Company may process the following personal data of Users in particular:
- Users of the www.esotiqhenderson.com website: personal data provided in the form when subscribing to the newsletter or sending inquiries through the form (especially: first and last name; email address; contact phone number; country; company),
- Personal data provided for the purpose of using the Newsletter, submitted when using the contact form;
- Other data, especially obtained based on the User’s online activity using technologies such as cookies and similar methods.
- Providing personal data by the User on the www.esotiqhenderson.com website, in the NEWSLETTER, and in other communication channels is always voluntary, but it is necessary to use specific functionalities, such as sending messages through the website form or subscribing to the newsletter, etc. The required scope of data necessary to conclude the relevant agreement is specified in advance within the specific communication channels with the User (e.g., in the Regulations). The consequence of not providing personal data may result in the inability to effectively perform the aforementioned actions.
- The legal basis for processing User’s personal data is primarily the necessity of performing a contract of which the User is a party or the necessity to take actions at the User’s request before entering into such a contract (Art. 6(1)(b) of the GDPR). This primarily pertains to personal data provided in the form when subscribing to the Newsletter. On the other hand, presenting, creating, assigning, and executing advertisements, offers that are based solely on automated processing, including profiling, highly tailored to the User’s preferences, and significantly affecting consumer decisions, is based on the User’s voluntarily given consent (Art. 6(1)(a), Art. 22(2)(c) of the GDPR).
- For other (different) purposes, the User’s personal data may be processed based on:
- Voluntarily given consents – for instance, individuals participating in contests (Art. 6(1)(a) of the GDPR);
- Applicable legal provisions – when processing is necessary to fulfill a legal obligation imposed on the Company, such as when the Company settles concluded sales agreements based on tax or accounting regulations (Art. 6(1)(c) of the GDPR).
- The User can provide consent for the processing of their provided data for the Company’s marketing purposes. In such a case, the User has the right to access their content, correct them, as well as request the deletion of the provided personal data. The User can demand the deletion of their provided personal data at any time by sending an email to the address biuro@esotiq.com.
- The Company ensures the security of the shared data, especially to prevent unauthorized access. The Company guarantees all Users who provide their personal data the exercise of rights stemming from the GDPR, including the right to access their own data, the right to request updates and deletion of data, and the right to object in cases specified by the law, as well as the right to be forgotten (data erasure).
- The User’s personal data can be subject to profiling. Profiling by the Company refers to actions [undertaken with the aim of presenting general advertisements, offers, or promotions (discounts) intended for all customers, tailored to the interests of the specific User], which may involve learning about the User’s preferences, such as analyzing how often they visit the www.esotiqhenderson.com website. This enables a better understanding of the Customer’s expectations and adapting to their needs, without significantly affecting their decisions. Through the use of advanced technologies by the Company, these actions are often automated, ensuring that the content sent is the most current, allowing the User to quickly become familiar with it.
- The User’s personal data, for which the Company is the administrator, may be disclosed to other recipients or data processors based on a written agreement with such entities. The list of recipients of personal data processed by the Company always primarily arises from the range of services used by the User. The list of data recipients also results from the User’s consent or legal provisions, and is further specified through actions taken by the User on the www.esotiqhenderson.com website. In the processing of Personal Data, partners of the Company may be involved to a limited extent, particularly hosting service providers or IT service providers, companies that service software, support the Company in marketing campaigns, as well as legal and advisory service providers.
- As part of the Company’s use of tools that support its ongoing operations provided by companies such as Google, the User’s personal data may be transferred to countries outside the European Economic Area, particularly to the United States of America (USA) or another country where a cooperating entity maintains tools for processing personal data in collaboration with the Company. Appropriate safeguards for the transfer of personal data have been provided by the Company through the use of standard data protection clauses adopted under data processing agreements, in compliance with GDPR requirements. In the case of data transfers from Europe to the USA, some entities located there may additionally provide an adequate level of data protection under the so-called Privacy Shield program (more information is available at: https://www.privacyshield.gov/).
- Due to the fact that the technology used by the Company, such as cookies (or functionality similar to cookies), collects information about every person visiting the Website, the provisions of this Policy apply to all individuals using the Website.
- Information contained in system logs may include various data, such as IP addresses. The administrator uses them solely for technical purposes. Certain areas of the system that manage the registration process on the website may use cookies, which are text files stored on the User’s computer, identifying them and enabling, among other things, automatic completion of form fields based on previously entered data. The condition for the operation of cookies is their acceptance by the browser and not deleting them from the disk.
- Automatically Collected Data
- When a User uses the esotiqhenderson.com website, data related to the User is automatically collected. This data includes, among others: IP address, domain name, browser type, and operating system type. These data may be collected through cookies, the Google Analytics service, and social media services such as Facebook, Instagram, and Linkedin.
- Cookies are files sent to the User’s computer or other device while browsing the esotiqhenderson.com website.
- The data mentioned in this point 23 is used for the customization, measurement, and improvement of esotiqhenderson.com services, as well as for conducting marketing activities.
- As part of its marketing activities, the Company utilizes the services of the following entities that use cookies on the Company’s website:
- Google AdWords
- Google Analytics
- More information about the cookies mentioned by these entities can be found in their privacy policies. Users can change their use of cookies by managing their consents within the privacy settings on the Company’s Website or through their browser, including blocking or deleting those originating from the Company’s Website (and other websites). To do this, you should adjust your browser settings. The method of deleting cookies varies depending on the internet browser you use. Information on how to delete cookies should be available in the “Help” section of your chosen internet browser. Deleting cookies is not the same as deleting personal data collected by the Company through cookies. It’s also possible to block third-party cookies while accepting cookies used directly by the Company (the option “block cookies from external parties”). Limiting the use of cookies on a given device may prevent or significantly hinder the proper use of the Company’s Website, for example, it might result in the inability to maintain login sessions.
- Each User has the right at any time to:
- file a complaint with the President of the Personal Data Protection Office;
- data portability of personal data provided to the Company and processed in an automated manner, and the processing is based on consent or a contract, e.g., to another data controller;
- access personal data (including receiving information about what personal data is being processed);
- request the correction and restriction of processing (e.g., if personal data is inaccurate) or deletion of personal data (e.g., if they were processed unlawfully);
- withdraw any consent given to the Company at any time, with such withdrawal not affecting the processing conducted by the Company in accordance with the law before its withdrawal;
- object to the processing of personal data concerning them carried out for the purpose of the legitimate interests pursued by the Company or a third party, including, in particular, processing for marketing purposes, including profiling.
- Personal Data may be stored until the User raises an objection, and if they are related to technologies like cookies and similar mechanisms, depending on technical considerations, until the deletion of these files through browser/device settings (however, file deletion does not always equate to the erasure of personal data obtained through these files, hence the possibility of objection). If the processing of personal data is dependent on the User’s consent, the personal data may be processed until the consent is withdrawn. In any case:
- Personal data will also be retained when legal provisions (e.g., accounting or tax regulations) obligate the Company to process them;
- The Company will retain personal data for an extended period if the User has any claims against the Company, for the purpose of pursuing claims by the Company, or for the purpose of pursuing or defending against third-party claims, for the duration of their statutory limitation period as defined by applicable law, especially the civil code.
- Depending on the scope of personal data and the purposes of their processing, they may be stored for varying periods.
- Commercial information related to the commercial activities conducted by the Company may be sent (solely based on explicit consent provided by the User) to the User’s email address or phone number. Consent must be explicit and cannot be presumed. Similarly, in the case of consent for processing the User’s personal data, such consent must be explicit and cannot be presumed.
- The Company employs appropriate technical and organizational measures to ensure the protection of processed personal data that is suitable for the threats and categories of data under protection. This includes safeguarding data from unauthorized disclosure, unauthorized access, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction. Disclosing external information about the employed technical and organizational measures for data protection might weaken their effectiveness and thereby jeopardize proper personal data protection.
- Questions regarding the privacy policy should be directed to the email address: iod@esotiq.com or through traditional mail to the Company’s address: ESOTIQ & HENDERSON S.A., ul. Budowlanych 31C, 80-298 Gdańsk.
Information about Cookies
- The website uses “cookies.” By “cookies,” we mean computer data, especially text files, stored on end-user devices intended for use on websites. These files allow the recognition of the user’s device and the appropriate display of a web page tailored to their individual preferences. “Cookies” typically contain the name of the originating website, the duration of storage on the end-user device, and a unique number.
“Cookies” are used to adapt the content of web pages to the user’s preferences and optimize the use of websites. They are also employed to create anonymous, aggregated statistics that help understand how users interact with web pages, facilitating the improvement of their structure and content, without personal user identification. - The website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics employs “cookies,” which are text files placed on the User’s computer to enable the website to analyze how users interact with it. The information generated by “cookies” about the User’s use of the website (including their IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate the User’s use of the website, generate reports on website traffic for website operators, and provide other services related to website activity and internet usage. Google may also transmit this information to third parties when required by law or when such third parties process the information on Google’s behalf. Google will not associate the User’s IP address with any other data held by Google.
The User can opt out of “cookies” by adjusting the appropriate settings in their browser; however, it’s important to note that this might render certain features of the website inaccessible. By using this website, the User consents to Google processing their data as described above and for the specified purposes.