PL
Facebook-f Youtube Instagram

Privacy Policy

The controller of the personal data of the data subject is Marcin Klejdysz, operating under the business name Orchestra Manager Marcin Klejdysz, with its registered office at Sobolów 172 (postal code: 32-742 Sobolów), REGON number 120929846, NIP 868-164-95-26, and a mailing address at ul. Blich 3/8, 31 502 Kraków.

Purpose of the Privacy Policy

§1

This Privacy Policy is intended to inform users about what personal data is collected about them in connection with their use of the website www.oab.com.pl and how it will be used. It also supplements the personal data protection measures within the scope of Orchestra Manager MK’s operations, including the Personal Data Protection Security Policy within the scope of Orchestra Manager’s operations and the Terms of Use for the INTRANETOAB.PL platform.

Information Related to the Processing of Personal Data

§2

  1. When using the website www.oab.com.pl, the Administrator obtains the following information about the data subject:
    – IP address,
    – operating system used by the data subject,
    – browser,
    – screen resolution,
    – information collected via cookies,
    – date and time of the visit,
    – the URL of the website visited immediately prior to visiting the aforementioned website.
  2. The above data is used to tailor the website’s content to the user’s individual preferences and to generate website visit statistics.

§3

  1. The website uses two types of cookies: session cookies and persistent cookies.
  2. Session cookies are temporary and are stored until you leave the www.oab.com.pl website.
  3. Persistent cookies are stored on the user’s device depending on the user’s browser settings.
  4. You can change your browser settings to block cookies. You can also receive notifications each time a cookie is placed on your device.
  5. Cookie settings depend on your web browser’s configuration, which you can check in the help menu or directly with the browser’s manufacturer (e.g., on their website).

§4

  1. The use of cookies is not intended to track website visitors but to enable the functionality of the www.oab.com.pl website.
  2. The administrator does not collect information that could identify visitors to the website.
  3. Data collected using cookies is not transferred to third parties; it is used exclusively for purposes related to the administration of the website.

Rights of data subjects and obligations of the administrator

§5

Right of access to information regarding data processing

  1. The data subject has the right to obtain confirmation from the Controller as to whether personal data concerning him or her is being processed. To obtain this information, the data subject may submit a request to the Controller via email at oab@2com.pllub or in writing to the Controller’s mailing address.
  2. The Controller is obligated to respond to the request, and if personal data is being processed, to also provide access to the data and disclose the following information:
    a) the purposes of the processing;
    b) the categories of personal data concerned;
    c) information about the recipients or categories of recipients to whom the personal data has been or will be disclosed;
    d) where possible, the planned period for storing the personal data, and where this is not possible, the criteria for determining that period;
    e) if the personal data was not collected from the data subject—any available information about its source;
    f) information regarding automated decision-making, including profiling, and relevant information about the logic involved, as well as the significance and anticipated consequences of such processing for the data subject.
  3. When providing the information referred to in paragraph 2, the controller shall inform the data subject of their right to request the rectification, erasure, or restriction of the processing of personal data, to object to such processing, and to lodge a complaint with a supervisory authority.
  4. The Controller shall provide the data subject with a free copy of the personal data being processed. The copy of the data shall be provided to the data subject on a medium specified by that person.
  5. For any subsequent copies requested by the data subject, the Controller may charge a fee corresponding to the costs of making the copies.
  6. If the data subject requests a copy electronically and unless otherwise requested, the information shall also be provided electronically.
  7. The right to obtain a copy referred to in paragraph 4 shall not adversely affect the rights and freedoms of others.

§6

Right to Rectification and Completion of Data

  1. The data subject has the right to request that the Controller immediately rectify any inaccurate personal data concerning him or her.
  2. The data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by providing an additional statement.
  3. The data subject shall submit the requests referred to in paragraphs 1 and 2 to the Controller in writing or electronically.

§7

Right to erasure (“right to be forgotten”)

  1. The data subject has the right to request that the Controller immediately erase personal data concerning him or her, and the Controller is obligated to erase the personal data without undue delay if one of the following circumstances applies:
    a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    b) the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
    c) the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
    d) the personal data has been processed unlawfully;
    e) the personal data must be erased to comply with a legal obligation under Union law or the law of the Member State to which the Controller is subject;
    f) the personal data has been collected in relation to the offering of information society services directly to a child (Article 8(1) of the GDPR).
  2. If the Controller has made the personal data public and is required to erase such personal data pursuant to paragraph 1, then-taking into account available technology and the cost of implementation – take reasonable steps, including technical measures, to inform the controllers processing such personal data that the data subject requests that those controllers remove any links to, copies of, or replicas of such personal data.
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    a) for the exercise of the right to freedom of expression and information;
    b) to comply with a legal obligation which requires processing under Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
    c) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
    d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing;
    e) for the establishment, exercise, or defense of legal claims.

§8

Right to Restriction of Processing

  1. The data subject has the right to request that the Controller restrict processing in the following cases:
    a) the data subject contests the accuracy of the personal data—for a period enabling the Controller to verify the accuracy of such data;
    b) the processing is unlawful, and the data subject opposes the erasure of the personal data, requesting instead that its use be restricted;
    c) the Controller no longer needs the personal data for the purposes of processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
  2. If processing has been restricted pursuant to paragraph 1, such personal data may be processed, with the exception of storage:
    a) only with the written or electronic consent of the data subject, or for the establishment, exercise, or defense of legal claims,
    b) or to protect the rights of another natural or legal person,
    c) or for important reasons of public interest of the Union or of a Member State,
    d) the data subject has objected to the processing pursuant to Article 21(1) – until it is determined whether the legitimate grounds of the controller override those of the data subject.
  3. Before lifting the restriction on processing, the controller shall inform the data subject who requested the restriction pursuant to paragraph 1.

§9

Obligation to notify of the rectification or erasure of personal data or of the restriction of processing

  1. The Controller shall inform each recipient to whom the personal data have been disclosed of the rectification, erasure, or restriction of processing, unless this proves impossible or would involve a disproportionate effort.
  2. The Controller shall inform the data subject of the recipients of the data if the data subject so requests.

§10

Right to Data Portability

  1. The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those personal data to another Controller without hindrance from the Controller to whom the personal data were provided, if:
    a) the processing is based on the data subject’s consent;
    b) the processing is based on the data subject’s consent to the processing of special categories of personal data;
    c) the basis for processing is that it is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract;
    d) the processing is carried out by automated means.
  2. When exercising the right to data portability under paragraph 1, the data subject has the right to request that the personal data be transmitted by the Controller directly to another Controller, provided that this is technically feasible.
  3. The exercise of the right referred to in paragraph 1 is without prejudice to the right to be forgotten referred to in §4.
  4. The right referred to in paragraph 1 does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
  5. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

§11

Exercise of Rights by the Data Subject

  1. The data subject exercises the rights referred to in §5–§10 of this Privacy Policy by submitting a relevant request to the Controller.
  2. The Controller shall, without undue delay—and in any event within one month of receiving the request—provide the data subject with information regarding the actions taken in connection with the request pursuant to §5–§10 of this Privacy Policy.
  3. If necessary, the time limit referred to in paragraph 2 above may be extended by a further two months due to the complexity of the request or the number of requests. Within one month of receiving the request, the Controller shall inform the data subject of such an extension, stating the reasons for the delay.
  4. If the data subject has submitted their request electronically, the information shall also be provided electronically whenever possible, unless the data subject requests another form.
  5. If the Controller does not take action in response to the data subject’s request, it shall immediately—no later than one month after receiving the request—inform the data subject of the reasons for not taking action and of the possibility of filing a complaint with the supervisory authority and seeking legal remedies in court.
  6. Communication and actions taken pursuant to Sections 5–10 of this Privacy Policy are free of charge. If the data subject’s requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the controller may:
    a) charge a reasonable fee, taking into account the administrative costs of providing information, communicating, or taking the requested actions; or
    b) refuse to take action in response to the request.
    If the Controller has reasonable doubts regarding the identity of the natural person making the request, it may request additional information necessary to confirm the identity of the data subject.
Others