Privacy Policy and Cookie Policy 

  1. Privacy Policy aims to lay down how personal data is processed by – TREC NUTRITION sp. z o.o. with its registered office in Gdynia, ul. Śmidowicza 48, 81-127 Gdynia, entered into the National Court Register of the District Court Gdańsk-Północ in Gdańsk, 8th Commercial Department of the National Court Register under the KRS number: 0000315748, NIP: 9581602454, REGON:  220696468, share capital: PLN 50, 500.00. 
  2. Cookie Policy outlines the principles and rules of handling and managing data of data subjects, such as collecting, storing and tracking cookies on Users’ Devices connected with providing services electronically by the Service Controller. Cookie Policy also aims to set out the period in which such cookies will be processed and whether such files will be available to any third parties, as set forth in § 7.  

Privacy Policy 

§ 1. Definitions

     § 2. Personal Data Controller, contact data 

The Controller of a User’s personal data is TREC NUTRITION sp. z o.o. with its registered office in Gdynia, ul. Śmidowicza 48, 81-127 Gdynia, entered into the National Court Register of the District Court Gdańsk-Północ in Gdańsk, 8th Commercial Department of the National Court Register under the KRS number: 0000315748, NIP: 9581602454, REGON:  220696468, share  capital: PLN 50, 500.00 

§ 3. Principles and lawfulness related to processing of Personal Data 

In order to demonstrate compliance with the regulations with regard to the processing of personal data and ensure the adequate level of protection and security in order to safeguard the rights and freedoms for our customers, employees, contractors and partners, TREC NUTRITION sp. z o.o.  implemented the personal data protection policy and other procedures that are in line with ‘accountability’ principle (‘lawfulness, fairness and transparency’) under Art. 5 of the GDPR.

  1. The Controller shall collect personal data and the processing of personal data of data subjects shall be lawful and to the extent set out below: 
  1. The Controller shall safeguard the personal data by applying and implementing applying appropriate technical and organisational measures for ensuring the security of the processing any breach of security leading to the accidental,  or unlawful destruction, loss, alteration or unauthorised disclosure of or access to personal data.
  2. Personal data collected lawfully to pursue the abovementioned purposes shall be processed for the period necessary to pursue the said purposes, including the performance of the contract or public interest or in the exercise of official authority vested in the Controller.  
  1. The Controller shall comply with the transparency of processing operations and processing procedures: 
  1. At all times, when processing the personal data, the Collectors shall protect and safeguard the integrity and confidentiality of personal data and access of data subjects to such personal data. In the event, despite appropriate security measures, of personal data breach  (e.g. ‘leakage’ or loss of personal data) leading to the violation of rights and freedom of data subjects highly likely, the Controller shall notify data subject of such infringement in a manner specified in the applicable  regulations. 
  1. The Controller shall make all the necessary endavours to ensure that the Controller, its contractors and related business partners commit to provide for all appropriate  safeguards for the rights and interests of the data subjects when process personal data on behalf of the Controller. 
  1. The Controller shall carry out ongoing risk assessment and monitor the adequacy of all applied safeguards in order to identify potential risks. Should it be necessary, the Controller shall implement additional security measures to ensure proper level of protection of personal data. 

§ 4. Social media

  1. The Controller owns public profiles on social media platforms Facebook and LinkedIn.  Therefore, the Controller processes personal data of persons who visit these profiles (inter alia comments, likes, internet identifiers). Personal data of these visitors are processed in order to enable them be active users on these profiles, in order to improve the usability and functionality of profiles by providing visitors with information on actions and activities related to promoting various events, services and products, for statistical and analytical purposes  and to exercise your rights or defend against claims. The legal framework for processing of personal data on social media is legitimate interest of the Controller (Art. 6 para. 1 letter f of the GDPR) with regard to promoting the brand of the Controller and improving quality of provided services, informing and presenting results and direct communication with our online offerings , and if necessary – to exercise the rights or defend against claims. 
  2. We process personal data, if such personal data is transmitted online and by means of platforms or portals, e.g. by publishing articles about online activity or sending notifications or messages. Moreover, Facebook may, inter alia provide reporting metrics and insights  (e.g. total number of page views, page likes, actions on page, posts, videos, reach, comments, reactions, shares, messages, etc.) that help us better understand and define interests and preferences, thus we can improve on the attractiveness of our articles or the presentation or choose adequate time for publishing. Our internet websites use links to social media platforms, which prevents transmitting of our users’ personal data to social media networks without their consent requested upon visiting our website. The links aim to establish the connection between our online activity in a given social media exclusively upon request  – which is enabled after clicking on a link by a user. After clicking on the link, the IP address, general information from the header of the user’s browser is sent to the respective social network. The respective social network may collect further personal data as soon as you make use of its offers. For example, if you are logged in to your account, Facebook can associate your visit with your account. Please note that we are not aware of the content of the personal data transmitted in the further process or their use by social networks.

§ 5. Data portability and transfer or disclosures to various Recipients

  1. The recipients of data subjects’ personal data, depending on the purpose of the processing, may be e.g. IT solution providers, telecommunications service providers, related partners, persons using websites or social networks with regard to data published there, competent public authorities, agencies or another body as well as any authorised natural and legal persons acting for and on behalf of the Controller.
  1. Transfer of  personal data to Trusted Partners 

The personal data may be made available to the Controller’s Trusted Partners based on the legitimate interest of the Controller or on the basis of consent. It is about sharing your personal data stored in cookies on your devices and its cache (including data provided in the browsing history and data collected during your activity in services) and location data generated by your device – for marketing purposes (including automated analysis of Your activities on websites (cookies, etc.) on your devices and reading such tags.

The above section applies to the processing of your personal data for marketing purposes by Trusted Partners, Trusted Partners being e-commerce companies, advertisers or similar organisations the Controller cooperates with. The list of Trusted Partners can be found on the last page of this document.

Transfer of personal data outside EEA 

Our partners are based mainly in the countries withing the European Commercial Area (EEA) or in Switzerland, recognised as the country that meets an adequate level of personal data protection. Some of our Trusted Partners, e.g. Google or Facebook, are based outside the EEA, therefore we transfer personal data outside the EEA only when necessary, ensuring an adequate level of protection, primarily through:

Users are entitled to request access to their personal data, rectify, delete or restrict  the extent of the processing, transfer their personal data or file a complaint to the Inspector of the Personal Data Protection Office, should their personal data be, in their discretion, processed contrary to the provisions of the above-mentioned regulation.

  1. Users are entitled to object to the processing of personal data when such processing is carried out on the basis of a legitimate interest or consent to promotional activities. In the event that the processing of personal data is carried out on the basis of the data subject having consented to processing of personal data, they are entitled to withdraw such consent. This withdrawal does not affect the compliance of the processing with the applicable law, which was made on the basis of consent prior to its withdrawal.
  2. Rejection of the request or withdrawal of consent can be expressed by sending a letter to the following email address rodo@trecnutrition.com or the Controller’s office address. 

TRUSTED PARTNERS 

………

Google

Facebook

………….

If you wish to obtain information or wish to exercise any of your rights, please contact the relevant controller directly. This is because only the relevant controllers have access to your personal data and can provide you with relevant information and, if necessary, take further action. If you need help in exercising your rights, you can contact us at any time.

More details on the data processing by the respective controller as well as the requirements for rejection (opt-out) can be found in the information provided by the respective controller.

Some of them are listed below:

Service provider : Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland

Privacy policy: https://www.facebook.com/about/privacy/

Website: https://www.facebook.com/legal/terms/information_about_page_insights_data

Opt-out: https://www.facebook.com/settings?tab=ads

Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, the United States

Privacy policy: https://www.linkedin.com/legal/privacy-policy

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Cookies policy 

§ 6. Types of cookies used 

  1.  Cookies used by the Controller are safe for the User’s Device. In particular, this way it is not possible for viruses or ransomware, spyware or malware to enter Users’ Devices. These files allow to identify the software used by the User and customise the site’s settings individually to each User in accordance with the agreement. Cookies usually contain the name of the domain they come from, storage time on the User’s Device and the assigned value.
  2. The Controller uses the following types of cookies:

[ YES]                     [ NO ] 

[opt-out cookies are marked consent by default; consent cannot be selected by default; consent is marked if “continue” was selected in the pop-up] 

We wish to get insight into how You, as a User,  use our service. Profiling User’s activity will allow us to gather metrics and statistics which will help us improve our service. For this purpose, we use … .  The activity period is maximum ….. years. 

We also use …………. , which groups the tools for analyses. 

We use …………. to collect data that will generally be aggregated to provide trends and usage patterns over Your multiple visits and to understand which information is most interesting for You as a User. 

  1.  The User may limit or disable access of cookies to User’s Device as set out in § 8. Should you opt for this, the use of the Website will be limited to functions, which, due to their nature, do not require cookies.

§ 7. Purposes for which cookies are used 

  1. The Controller shall deploy its own (first-party) Cookies to optimise configuration of the service, and in particular to: 
  1. The Controller shall deploy its own (first-party) Cookies to authenticate the user on the website and ensure sessions and interaction with the site, in particular to:
  1. The Controller deploys its own cookies to implement the processes necessary for the full functionality of the website, in particular:
  1. The Controller deploys its own cookies to remember a choice user makes over a site’s settings, and in particular to correctly configure selected functions of the Website to enable the tailoring of the content provided to the User, taking into account his or her previous interactions with the website.
  2. The Controller deploys first-party and third-party cookies for analytics strategies and online audience audit, in particular content audit to gather analytics data (about User behaviour) which allows to assess how well the content meets audience needs and allows for improvements.
  3. The service processor uses third-party cookies to log into the website using the Google social networking site (external cookie processor : Google Inc. based in the USA).
  4. The service processor uses third-party cookies to popularize the website using social networking sites Facebook (controller of third party cookies: Faecbook Irleand)

 §8 Cookie management and access 

  1. The User may at any time change the setting preferences for Cookies. Most web browsers allow to manage cookies through the function integrated in the browser, though User may also change the settings by configuring the service. This refers mostly to disabling the use of cookies in the web browser or to request the consent to the installation each time before Cookies are placed on the User’s device. Detailed information on the procedures for managing cookies is available in the software (web browser) settings.
  2. The user may at any time delete cookies using the functions integrated in the web browser.
  3. Restrictions in the use of cookies may affect some of the functionalities available on the website.
  4. The processing of personal data is carried out for the purpose of providing services electronically. The controller is entitled to process any personal data that are required to provide the service. Personal data that are not necessary to provide the service may be processed by the Controller only with the consent.
  5. Each data subject has the right to access their data, to modify them or request deletion. For this purpose, please contact the Controller by letter or by e-mail to the addrrodo@trecnutrition.com.
  6. Data subjects may at any time remove their Account from the Website. All User’s data will be permanently and irretrievably deleted upon such deletion.
  7. If the User submits a request to delete the personal data provided in the Account registration form, further provision of the service is impossible for technical reasons.

§ 9 Storage period and third-party access to Cookie files 

Any international transfer or processing of personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or  if the processing takes place in the context of the use of third-party services or any disclosure or transfer of personal data to any third parties, whether person, body or organisation, will only be done if it is to: fulfill our (pre-) contractual obligations, subject to express consent or contractual or legally required transfer. We process or transfer personal data only in third countries with recognised level of data protection and safeguards specified in Art. 44-47 of the GDPR. This means that the processing is carried out based on certain special guarantees such as officially recognised specific contractual obligation s, (the so called “standard protection clauses”).

Therefore, the Controller transfers Personal Data outside the EEA only when it is necessary, with an adequate level of protection in place, in particular:

The Controller always informs about the intention to transfer Personal Data outside the EEA upon collection of such personal data.

Only in exceptional cases may your full IP address be sent to a Google server in the USA.

More information on analytics cookies are provided below.  

CookiesDuration 

§ 10. Changes to the Privacy Policy and Cookies Policy

  1. The Controller may change this Privacy Policy and Cookie Policy at any time without notice. 
  2. Changes made will always be published on this page. The current version published on our website shall apply. 

The changes implemented shall become effective on the day of publication.