Privacy Policy - CSMI WUM

General Information

This document outlines the Privacy Policy of the website www.csmiwum.pl (hereinafter referred to as the „Website”). The administrator of the Website is CSMI WUM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, based in Warsaw, at Żwirki i Wigury 61, 02-091 Warsaw, registered in the National Court Register by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register under number KRS: 0000706395, NIP: 7010780339, REGON: 368854493, with a share capital of PLN 1,400,000.00.

The personal data collected by the Website Administrator are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

The Website Administrator takes special care to protect the privacy and information provided by the Website Users. The Administrator exercises due diligence in selecting and applying appropriate technical, programming, and organizational measures to ensure the protection of processed data—especially to secure data from unauthorized access, disclosure, loss, destruction, unauthorized modification, and from unlawful processing.

The services available on the Website are not intended for children under the age of 16. The Administrator does not intentionally collect data relating to children under 16 years of age.

Personal Data

Data Controller

The controller of your personal data is:

CSMI WUM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Żwirki i Wigury 61, 02-091 Warsaw, Poland

You can contact the Data Controller regarding your personal data via:

Email: biuro@csmiwum.pl
Traditional mail: Żwirki i Wigury 61, 02-091 Warsaw, Poland
Phone: +48 22 572 03 15

Purposes and legal bases for processing personal data

The personal data you provide when using the Website are processed for the following purposes and to the following extent:

To provide services such as browsing the Website, searching for content or services, we process data related to your activity on the Website: such as viewed content or services, session data, device operating system, browser, location, unique ID, and IP address.
For statistical purposes related to Website functionality, improving Website usability, and ensuring IT security, we process data regarding your activity on the Website, time spent on individual subpages, search history, location, IP address, device ID, browser data, and operating system information.
To verify browser session authenticity, remember your Website settings, and optimize performance, the Website also collects cookies.

What are „Cookies”?

Cookies are small text files sent by websites and stored on a user’s computer. The information contained in these files can only be read by the site that created them. This means that websites cannot access other files on your device.

What types of cookies do we use?

Our Website uses two types of cookies:

Session cookies – remain on your device until you leave the Website or close your browser;
Persistent cookies – remain on your device for a set period defined in the file parameters, or until manually deleted by you.

Can you opt out of accepting cookies?

You can manage cookie settings at any time, including defining how cookies are stored and accessed on your device. These settings can be changed in your browser options or service configuration. Most browsers allow you to block cookies or alert you when cookies are being placed.

What are the consequences of rejecting cookies?

Some website features may not function correctly or be unavailable, as cookies are used to verify browser session authenticity and optimize Website performance.

Categories of processed personal data

We process the following categories of personal data:

Data related to activity on the Website;
Data collected via cookies, including: HTTP identification (when available), request timestamp, HTTP request line, HTTP response code, referrer URL (if available), browser information, and HTTP error data;
Data collected via Google Analytics – for more information on Google’s data processing policies, visit: https://policies.google.com/technologies/partner-sites?hl=en

Providing personal data is voluntary

Providing required personal data is voluntary but necessary to use the Website.

Data retention

Personal data will be processed as long as necessary to provide services. Logs collected by us are stored indefinitely as supporting material for Website administration. They are not disclosed to anyone except authorized personnel. Statistics generated from logs do not contain identifying information.

Recipients of personal data

Your personal data may be disclosed to:

Entities providing SEO services;
Entities providing hosting services for the Website.

Your rights under the GDPR

You have the right to:

Access your personal data;
Rectify your personal data;
Delete your personal data;
Restrict the processing of your personal data;
Transfer your personal data;
Object to the processing of your personal data;
Withdraw your consent at any time. Withdrawal does not affect processing done before the withdrawal;
Request data portability.

The Administrator will respond without undue delay—and within one month at the latest—to any request. This period may be extended by two additional months due to the complexity or number of requests. You will be informed of any extension within one month of your request, with reasons for the delay.

Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether your personal data are being processed. If so, you have the right to access those data and obtain information about:

The purposes of processing;
Categories of personal data processed;
And receive a copy of your data.

Right to rectification (Art. 16 GDPR)

If your data are incorrect, you have the right to request immediate rectification. You also have the right to request the completion of incomplete personal data.

Right to erasure – „right to be forgotten” (Art. 17 GDPR)

You may request erasure of your personal data when:

They are no longer necessary for the purposes for which they were collected;
You withdraw consent and there is no other legal basis for processing;
The data were processed unlawfully.

Despite such requests, data may still be processed for the establishment, exercise, or defense of legal claims.

Right to restriction of processing (Art. 18 GDPR)

You may request restriction of processing when:

You contest the accuracy of your data – processing will be limited while accuracy is verified;
Processing is unlawful and you request restriction instead of erasure;
The data are no longer needed but are required for legal claims;
You have objected to processing – until it is determined whether the legitimate grounds of the Controller override your grounds.

Right to object (Art. 21 GDPR)

You may object to the processing of your data at any time on grounds relating to:

Processing carried out in the public interest or for the purposes of legitimate interests pursued by the Controller or a third party.

Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit them to another data controller. Where technically feasible, you may request that the data be transmitted directly.

Right to withdraw consent

You may withdraw your consent to processing your personal data at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Lodging a complaint with a supervisory authority

If you believe your data is being processed in violation of the GDPR, you may lodge a complaint with a supervisory authority—especially in the country of your habitual residence, place of work, or the place of the alleged infringement.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (PUODO).