Purpose and scope of this policy
Who is the data controller of your personal data?
The data controller of your personal data is Frista Retail AG, address: Zügstrasse 2, 6390 Engelberg, Switzerland (hereinafter referred to as “Frista” or "we").
telephone: +41 61 568 64 80
e-mail address: firstname.lastname@example.org
Representative of the controller in the UE is Frista Retail Business Center Sp. z o. o.. address: Al. Jerozolimskie 65/79, 00-697 Warszawa.
telephone: + 48 22 446 01 01
e-mail address: email@example.com]
What data do we process, for what purposes and on which legal basis?
When you actively communicate with us via our Websites, we process the personal data that you voluntarily provide to us. In particular this relates to our following services:
- Contact forms:
When you choose to contact us via the contact form provided on our Websites the personal data you provide to us (e.g., your name, e-mail address, job position, company and company size correspondence) will be processed for the purpose of answering your questions, fulfilling your requests or otherwise communicating with you. In this case, the processing is based on our legitimate interest to answer your requests and to provide you with the requested services and an adequate customer relationship management (Art 6 (1) f GDPR).
If you have subscribed to our newsletter via our Websites, the personal data you provide to us (e.g., your name and email address) will be processed based on your consent (Art 6 (1) a GDPR) for the purpose of sending you the requested newsletter including customized information about our services and available promotions. If you no longer wish to receive the newsletter, you can unsubscribe at any time by clicking the respective link in each newsletter that you receive from us or send us your request for withdrawal by email.
- Marketing and promotional communications: In order to send you further marketing and promotional communications on our services, products, special offers, competitions and events which your company may be interested in, we process your personal data based on our legitimate interests in direct marketing of our products and services (Art 6 (1) f GDPR ).
Some of the data we request in connection with our above services may be marked as mandatory fields. You are not required to provide this data. However, without providing this information we may not be able to process your request or provide our services. We can profile your personal data, which means that we may use the collected information, such as your job position and company, in order to tailor the sent communications to the needs of your company. In such case, however, we do not use your data for profiling consisting in making automated decisions which might affect your legal situation (i.e., we do not use algorithms to make decisions affecting your individual entitlements). You may also visit our Websites without actively providing us with information about you. In this case, we collect certain data that your browser transmits to our website server (i.e., log files) based on legitimate interest in maintaining functionality, stability and security of our Websites (Art 6 (1) f GDPR):
- Our log files contain the following information: (i) date and time of retrieval of our Websites, (ii) type, version and settings of your web browser, (iii) your operating system and internet service provider, (iv) requested pages and files, (v) website used prior to visiting our Websites, as well as (vi) your IP-address.
- The processing of these log files is necessary for us to maintain the functionality, stability and security of our Websites. We may also process them for the purpose of forensic investigations in the case of a security incident or in order to generate user statistics. For statistical purposes your IP-address is used in an anonymized form only.
We generally keep your personal data for as long as this is necessary for the fulfilment of the purpose for which they were obtained. Thus, we process your personal data for the duration of our contractual or service relationship with you or until you object to or withdraw your consent for receiving information about our products and services, as well as our newsletter. You can withdraw your consent for receiving the above-mentioned information and newsletter, easily and at any time, by clicking on the relevant link in the footer of the e-mail which contains the information about our products and services or our newsletter. Beyond this time period, we keep your personal data to comply with statutory retention obligations. As soon as there are no legitimate grounds for the further storage of personal data available, they will either be deleted or anonymized.
Providing data to other recipients
Your personal data may be provided to processors which process data on behalf of Frista, among others to Frista Retail Business Center sp. z o.o., IT service providers and partners who provide data processing services for us or who otherwise process personal data for the purposes described in this policy (such as banks and financial service providers, insurers, financial advisors, professional consultants and external legal advisors). All recipients are obliged to treat your data confidentially and to process it only within the framework of the provision of services, and solely subject to Frista’s instructions. We also transfer your personal data to competent public authorities and other public institutions as required by law or regulation (e.g., tax, supervisory or safety authorities) or to exercise, protect or defend our statutory rights, or to protect your important interests or the important interests of another person.
Transfer of data outside the European Economic Area
Except for Switzerland, your data will not be provided to countries outside the European Economic Area. Switzerland is a country for which an adequate level of data protection was determined by the EU Commission.
What personal data protection rights may I claim?
Under Article 15 of the GDPR you have the right to access to your personal data. In addition, pursuant to Article 16, Article 17 and Article 18 of the GDPR, you have the right, under certain conditions, to rectify your data, demand its erasure and restriction of processing. Under Article 20 of the GDPR you have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. Since we process your personal data for purposes arising from legitimate grounds, pursuant to Article 21 of the GDPR you have the right to object to this processing. If you want to exercise the right to object, it will be sufficient, for example, to send an appropriate notification by e-mail to firstname.lastname@example.org with the subject "Personal data protection". In such case, your personal data will no longer be processed, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
You have the right to withdraw your consent which you have given at any time without giving any reason. The withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.
If you feel that your rights have been violated, you may lodge a complaint with a supervisory authority, in Poland to:
Prezes Urzędu Ochrony Danych Osobowych
[President of the Personal Data Protection Office]
telephone: + 48 22 531 03 00
fax: + 48 22 531 03 01