This General Privacy and Data Protection Policy („Policy”) describes how and why we collect your Personal Information, what we do with your Personal Information, with whom we share it, how we protect it, and the choices you can make about your Personal Information.
This Policy applies to the processing of Personal Information as part of the various services, tools, applications, websites, portals, sales promotions (online), marketing campaigns, sponsored social media platforms, etc. that are provided or operated by us or on our behalf. This Policy contains general principles and explanations. It is supplemented by separate duty of information clauses relating to the above specific services, tools, applications, websites, portals, sales promotions (online), marketing activities, sponsored social media platforms, etc. These obligation of information clauses will be provided to you when your Personal Data is processed in the aforementioned activities (for example, through websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.).
This Policy applies to all Personal Data collected and used by (or on behalf of) MODERN FORMS Ltd..
If you accept the provisions of this Policy, you also consent to the processing of your Personal Data in the manner set out in this Policy.
At the end of this Policy, you will find definitions of key terms used in this Policy with capitalised letters (e.g. Personal Data, Processing, Data Controller).
2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
The entities responsible for the Processing of your Personal Data (Data Controller) is :
MODERN FORMS Ltd.
3. WHO CAN YOU CONTACT IN CASE OF QUESTIONS OR REQUESTS? CONTACT POINT FOR DATA PROTECTION
MODERN FORMS Ltd. has established a Data Protection Point of Contact, whose task is to answer your questions and requests related to this Policy, the clauses of the Information Obligation, your Personal Data (and their Processing).
In case of any questions, complaints related to the application of this Policy and the Processing of Personal Data or requests related to your rights, you may contact the Data Protection Point of Contact:
as well as by post at the following address:
- MODERN FORMS Ltd..
4. KEY PRINCIPLES
We care about the Personal Information entrusted to us and are committed to processing it in a fair, transparent and secure manner. To this end, MODERN FORMS Ltd. applies the following principles:
Lawfulness: we will only collect and process your Personal Data in a lawful, fair and transparent manner. All Personal Data shall be collected, stored and processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR: General Data Protection Regulation).
Data minimization: we will limit the collection of your Personal Data to what is adequate and necessary to achieve the purposes for which it was collected.
Purpose limitation: we will only collect your Personal Data for specified, explicit and legitimate purposes and will not process your Personal Data in a manner incompatible with those purposes.
Correctness: we ensure that the Personal Information we hold is correct and up to date.
Security and data protection: to ensure an adequate level of security and data protection, we implement technical and organizational measures, taking into account, among other things, the nature of the Personal Data to be protected. Such measures are designed to prevent unauthorized disclosure or access, unlawful destruction or accidental loss, alteration or any other unlawful form of Processing.
Access and rectification: we will process your Personal Data in a manner that ensures that you can confirm whether we are processing your Personal Data, and that you can access your Personal Data and obtain the information you have requested along with a request to rectify your Personal Data in accordance with your rights.
Limited retention period: we will retain your Personal Information in a manner consistent with applicable data protection laws and regulations and for no longer than is necessary to fulfill the purposes for which it was collected or as required by law.
International transfer protection: we will provide adequate protection for your Personal Information when it is transferred, particularly to countries outside the EEA.
Third party safeguards: we will ensure that access to (and transfer of) Personal Information by third parties is in accordance with applicable law and appropriate contractual safeguards.
5. PROCESSING OF YOUR PERSONAL DATA: WHAT PERSONAL DATA WE COLLECT AND ON WHAT LEGAL BASIS
Whenever you are asked to provide your Personal Data, you will be clearly informed which of your Personal Data is being collected. This information will be provided to you in the form of an appropriate information obligation clause included with certain services (including communication services), web portals, electronic newsletters, reminders, surveys, offers, invitations to events, etc.
Please note that under data protection legislation, your Personal Data may be Processed if:
- you have given your consent to the Processing (as described in the information obligation clause relating to that particular Processing). If in doubt, you always have the right to withdraw your consent at any time; or
- it is necessary for the performance of a contract to which you are a party; or
- in the case of a particular Processing, we are acting on the basis of our legitimate interest, provided that your interests or fundamental rights and freedoms are not overridden. The existence of such legitimate interest will be duly disclosed to you in the form of an information obligation clause relating to that particular Processing; or
- it is required by law.
6. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
We will only process your Personal Data for specified, explicit and legitimate purposes and will not further process your Personal Data in a manner incompatible with those purposes.
Such purposes may be to fulfill an order you have placed, to perform a contract, to improve the quality of our services based on your feedback on your visit to one of our websites or portals, to improve the quality of our products or services in general, to offer services or applications, marketing communications and activities, marketing profiling, etc. The purpose of each Processing of your Personal Data is set out in the specific duty of information clause relating to that particular Processing. Information on specific duty of information clauses is made available, for example, through websites or portals, in applications, electronic newsletters, etc.
7. PROCESSING PERSONAL DATA IN A WAY THAT ENSURES ITS CORRECTNESS AND RELEVANCE
Keeping your data correct and up-to-date is very important to us. We ask that you inform us of any changes or errors in your Personal Data as soon as possible by contacting us via the Data Protection Point of Contact (see Section 3 „Who can you contact with questions or requests?” for details). We will take reasonable steps to ensure that any incorrect or outdated Personal Information is deleted or adjusted accordingly.
8. ACCESS TO YOUR PERSONAL INFORMATION
You have the right to access your Personal Information that we process and, if your Personal Information is inaccurate or incomplete, to request that we correct or delete your Personal Information. If you need additional information regarding your privacy rights or would like to exercise these rights, please contact us through the Data Protection Point of Contact (see Section 3 „Who can you contact with questions or requests?” for details).
9. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION
We will store your Personal Information in a manner that complies with data protection laws. We will retain your Personal Data only for as long as necessary for the purposes for which we process your Personal Data or for compliance with the law or where retention of your data for a certain period is required by law. For information on how long specific Personal Data will be retained before it is deleted from our systems and databases, please contact us through the Data Protection Point of Contact (see Section 3 „Who can you contact with questions or requests?” for details). Relevant information will also be given in the specific information obligation clauses that will be provided to you when your Personal Data is processed.
10. PROTECTION OF YOUR PERSONAL INFORMATION
We have put in place an appropriate set of technical and organizational measures to ensure that your Personal Data is protected against accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to your Personal Data. These have been specifically designed taking into account our IT infrastructure, the potential impact on your privacy and associated costs, and in accordance with current industry standards and practice.
Your Personal Data may be subject to processing by a third party Data Processor only if that Data Processor commits to these technical and organizational data security measures.
Maintaining data security means protecting the confidentiality, integrity and availability of your Personal Data:
- Confidentiality: we will protect your Personal Data from unwanted disclosure to third parties.
- Integrity: we will protect your Personal Information from modification by unauthorized third parties.
- Availability: we will ensure that authorized parties are able to access Personal Information as needed.
Our data security procedures include: access security, backup systems, systems monitoring, review and maintenance, security incident management and business continuity assurance, etc.
- The cookies that may be sent by a website can be divided according to the following criteria:
By the provider:
1) your own (created by the website you are visiting) and
2) belonging to persons or third parties who are not Data Administrators
By the period of storage on a given device:
1) session (stored until you log out of the website or close the browser) and
2) permanent (stored for a defined period of time or until manual removal)
Due to the purpose of their use:
1) necessary (to enable the proper functioning of the website),
2) functional/preferential (enabling adaptation of the website to the visitor’s preferences),
3) analytical and performance (gathering information about how the site is used),
4) marketing, advertising and social networking (gathering information about the person visiting the website for the purpose of displaying personalized advertising to that person and conducting other marketing activities, including on other sites, such as social networking sites).
- The Administrator may process the data contained in cookies when visitors use the site for the following specific purposes:
1) identifying Customers as logged in to the website and showing that they are logged in (essential cookies),
2) remembering the Products added to the basket in order to place an Order (essential cookies),
3) remembering data from completed Order Forms, surveys or login data to the site (essential and/or functional/preferential cookies),
4) adapting the contents of the site to the individual preferences of the Customer (e.g. color, font size, page layout) and optimize the use of the site (functional/preferential cookies),
5) conducting anonymous statistics showing how the site is used (analytical and performance cookies),
6) remarketing, i.e. studying the characteristics of visitors’ behavior by anonymous analysis of their actions (e.g. repeated visits to specific pages, keywords) in order to create their profile and provide them with advertisements tailored to their interests, also when they visit other sites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social networking cookies).
- Checking in the browsers which cookies are being sent at any given time by the website, the duration of their operation and who their provider is is possible in the following way:
1) in the address bar, click on the padlock icon on the left,
2) go to the „Cookies” tab.
1) in the address bar, click on the shield icon on the left,
2) go to the „Allowed” or „Blocked” tab,
3) click the box for „Cookies that track between sites”, „Social media tracking elements” or „Content with tracking elements”.
- Internet Explorer:
1) click the „Tools” menu,
2) go to the „Internet Options” tab,
3) go to the „General” tab,
4) go to the „Settings” tab,
5) click the „View Files” box.
1) in the address bar, click on the padlock icon on the left,
2) go to the „Cookies” tab.
1) click the „Preferences” menu,
2) go to the „Privacy” tab,
3) click on the „Manage website data” box
Regardless of the browser, using the tools available at: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/
- Information about changing the settings for cookies and their removal in browsers are available in the help section of the browser or on the following pages:
– Chrome https://support.google.com/chrome/answer/95647?hl=en
– Firefox https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
– Internet Explorer https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
– Safari https://support.apple.com/en-us/HT201265
– Microsoft Edge https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
- The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Administrator keep statistics and analyse web traffic. The collected data is aggregated. Administrator using the above services collects data such as the source and method of obtaining visitors to the site and their behavior on the site, information about the devices and browsers from which they visit the site, IP and domain, geographic data and demographic data (age, gender) and interests.
- It is possible to prevent a user from sharing information about his or her activity on the website with Google Analytics. For this purpose, you can install a browser add-on provided by Google Ireland Ltd. https://tools.google.com/dlpage/gaoptout?hl=en.
- The Administrator may use the Facebook Pixel service on the website provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator to measure the effectiveness of advertisements and to find out what actions visitors take on the website, and to display tailored advertisements to these visitors. Detailed information about how Facebook Pixel works can be found at: https://www.facebook.com/business/help/742478679120153?id=1205376682832142
12. DISCLOSURE OF PERSONAL INFORMATION
Depending on the purposes for which we collect your Personal Information, we may disclose your Personal Information to the following categories of recipients who will then, solely for the purposes indicated, process your Personal Information:
- a) In the course of our business:
- Our authorized employees;
- b) External business partners:
- Advertising, marketing and promotional agencies acting on our behalf: to help us deliver and analyse the effectiveness of our advertising and promotional campaigns;
- Business partners: for example, trusted companies who may use your Personal Information to provide services and/or products you have requested and/or who may provide you with marketing materials (provided you have consented to receive such marketing materials). We ask such companies to always comply with applicable laws and this Policy and to pay particular attention to the confidentiality of your Personal Information;
- Service Providers for MODERN FORMS Ltd.: companies that provide services to or on behalf of MODERN FORMS Ltd., for the purpose of providing such services (for example, MODERN FORMS Ltd. may disclose your Personal Data to third-party IT-related service providers);
- c) Other third parties:
- when required by law or lawfully necessary to protect MODERN FORMS Ltd.:
- for compliance with the law, requests from government authorities, court orders, legal procedures, obligations to report and provide information to authorities, etc;
- to verify or enforce compliance with policies and agreements with MODERN FORMS Ltd.; and
- to protect the rights, property or safety of MODERN FORMS Ltd. and/or our customers;
- in connection with corporate transactions: in the context of a transfer or disposal of all or part of its business or otherwise in connection with a merger, consolidation, change of control, reorganization or liquidation of all or part of the business of MODERN FORMS Ltd..
Please note that the third party recipients listed in (b) and (c) above – particularly service providers who may offer products and services through services or applications or through their own channels – may collect Personal Information from you separately. In such case, these entities are solely responsible for the processing and control of such Personal Data, and your interactions with them will be subject to their terms and conditions.
13. DETAILED CONTACT WITH MODERN FORMS Ltd.
If you purchase a product or service from us (MODERN FORMS Ltd.) or if you provide us with your Personal Data, you thereby establish an intrinsic relationship with us as Data Controller and Administrator.
14. USE OF SOCIAL MEDIA
If you use MODERN FORMS Ltd. via www.themodernforms.com, www.modernforms.eu, www.medals24.com, www.awards-trophies.eu with a specific social media login (for example, Facebook account), MODERN FORMS Ltd. will register your Personal Data available on these social media, and your use of such social media means that you have expressly consented to the transfer of Personal Data registered by MODERN FORMS Ltd. through the tools of that social media.
MODERN FORMS Ltd. sometimes facilitates the publication of Personal Information through social media such as Twitter and Facebook. Social media have their own privacy policies, which you must take into account if you use such social media. We remind you that publishing content on social media may have certain consequences, including for your privacy or the privacy of the individuals whose Personal Information you share, such as not being able to withdraw the published content within a short period of time. You are fully responsible for what is published by you. MODERN FORMS Ltd. assumes no responsibility in this regard.
15. TRANSFER TO COUNTRIES OUTSIDE THE EEA
Your Personal Data may be transferred to recipients who are located outside the EEA and may be Processed by us and recipients outside the EEA. In connection with any transfer of your Personal Data to countries outside the EEA, MODERN FORMS Ltd. will implement appropriate measures to ensure an adequate level of protection for your Personal Data. These measures may include, for example, agreeing binding contractual clauses with the recipients that guarantee an adequate level of protection.
We will always clearly inform you when your Personal Data is transferred outside the EEA. This information will be provided to you via a separate information obligation clause, which will, for example, be included in certain services (including communication services), e-newsletters, reminders, surveys, offers, event invitations, etc.
16. YOUR CHOICES AND YOUR RIGHTS
We want our operations to be as transparent as possible to you so that you can make reasonable choices about how we should use your Personal Information.
- Your Personal Information
- You can always contact us through the Data Protection Point of Contact (details in Section 3 „Who can you contact in case of questions or requests?”) to find out what Personal Information we have about you and its origin. In certain circumstances, you have the right to receive a copy of the Personal Information you have provided to us in a commonly used, structured, machine-readable format or to request a transfer of your Personal Information to any third party of your choice.
- Your corrections
If you find an error in your Personal Information or if you believe it is incomplete, outdated, or incorrect, you may request that we correct or supplement it.
- Your request for restriction
You have the right to request that we restrict the Processing of your Personal Data (e.g., if the accuracy of your Personal Data is contested, when your Personal Data is not needed for the purposes of the Processing).
- Your objections
You may object to the use of your Personal Information on the basis of the legitimate interests of the Controller (we will cease processing for this purpose unless there are legitimate grounds for processing set out in law, or where processing is necessary for the establishment, investigation or defence of claims).
You may also object to the use of your Personal Data for direct marketing purposes or to the sharing of your Personal Data with third parties for the same purpose.
- Your right to withdraw your consent
At any time, you have the opportunity to withdraw your consent to further Personal Data Processing that you have provided to us. Withdrawal of consent is possible by contacting the Data Protection Point of Contact (details in Section 3 „Who can you contact in case of questions or requests?”).
- Your right to be forgotten
In addition, you may request us to delete Personal Data concerning you (except in certain cases, for example, to prove transactions, to assert or defend claims or when required by law).
- Your right to complain
Please also note that you have the right to lodge a complaint against MODERN FORMS Ltd., as Data Controller to the relevant data protection authority („President of the Personal Data Protection Office”), https://uodo.gov.pl/en.
17. LEGAL INFORMATION
The requirements of this Policy do not supersede any other requirements existing under data protection law. In the event of a conflict between the content of this Policy and the requirements of data protection law, data protection law shall prevail.
MODERN FORMS Ltd. may change this Policy at any time, e.g. in order to comply with current data protection legislation, due to decisions or other acts of state authorities, or in connection with the need to improve the provision of our services. We will keep you informed of any changes by posting the current version of this Policy on our websites at www.themodernforms.com, www.modernforms.eu, www.medals24.com, www.awards-trophies.eu.
In this Policy, the following terms have the following meanings:
- Data Controller / Data Administrator means the organization that determines the purposes of processing and the means by which your Personal Data is processed. Unless we inform you otherwise, the Data Controller is: Modern Forms Ltd. based in Dobrzechów 446b, 38-100 Strzyżów, Poland, registered in the National Court Register kept by the XII Economic Department of District Court in Rzeszów under number: 0000736418, tax ID: PL8191668858. Further information may be provided to you via a separate information obligation clause, which for example will be included in certain services (including communication services), electronic newsletters, reminders, surveys, offers, invitations to events, etc.
- Data Processor means the person or organization processing your Personal Data on behalf of the Data Controller.
- Data Protection Point of Contact means the person appointed by MODERN FORMS Ltd., as a Data Controller, where you can direct your questions or requests regarding this Policy and/or the Processing of your Personal Data and who will deal with such questions and requests. Unless you are informed otherwise, you may contact the Data Protection Point of Contact as described in Section 3 „Who can you contact with questions or requests?”.
- EEA means European Economic Area (= Member States of the European Union + Iceland, Norway and Liechtenstein).
- Personal Data means any information about an identified or identifiable natural person e.g. you or that indirectly identifies you, such as for example name, phone number, email address.
- Processing means an operation or set of operations which is performed upon your Personal Data or sets of such Data, whether or not by automated means, such as collection, recording, organization, organization, storage, adaptation or alteration, retrieval, accessing and all forms of use of Personal Data.