Privacy Policy
PRIVACY POLICY OF „JBG-2” Sp. z o.o. with its registered office in
Warszowice
Contents
1. Introduction 2
2. Personal data 2
2.1. What are personal data and what does the processing mean? 2
2.2. When does this Privacy Policy apply? 2
2.3. In what way, on the basis of which legal basis and what types of personal data are
processed by JBG-2? 3
2.4. How long do we process personal data? 6
2.5. When and how do we transfer personal data with third parties? Do we transfer personal
data to third countries? 6
2.6. What are the rights of Data Subjects and how to exercise them? [information clause] 7
3. Cookies 9
3.1. What are cookies? 9
3.2. Why do we use cookies? 9
3.3. How long will we use cookies? 10
3.4. Can I refuse to accept cookies? 10
3.5. How to disable cookies? 10
4. Final provisions 10
Are changes to this Privacy Policy possible and when? 10
2 | Page
1. Introduction
Personal data protection is treated as one of the most important aspects within „JBG-2” Sp. z o.o.
activity (hereinafter referred to as: „JBG-2”), as well as in the entire JBG corporate group of
companies, of which JBG-2 is a part. As a company, particularly responsible for the production of
professional refrigeration equipment and at the same time as a Data Controller, we feel responsible
for the safety of the personal data. Our aim is to inform you properly about issues related to personal
data processing, in particular, in view of the content of the new data protection regulations, including
the Regulation of the European Parliament and of the Council Regulation (EU) 2016/679 of
27.04.2016 on the protection of natural persons with regard to the processing of personal data and
on the free data movement and repeal of the Directive 95/46/EC (hereinafter referred to as:
“GDPR”). Hence, in this document we inform you about legal basis for personal data processing,
methods of collection and use, as well as the rights of the Data Subjects related to the processing.
JBG-2, as a reliable company, also implements the requirements set forth in the Telecommunications
Law Act, i.e. of 15 September 2017 (Journal of Laws of 2017, item 1907, as amended) in connection
with the use of cookies. JBG-2, as the owner of the website http://jbg2dps.com/, is obliged to inform
the users about the afore-mentioned files, which the internet service places in the user's computer
and for what purpose it does so.
2. Personal data
2.1. What are personal data and what does the processing mean?
Personal data means information about identified or identifiable natural person. Identifiable natural
person is a person who may be directly or indirectly identified, in particular, on the basis of the ID
information such as: first name and surname, ID number, location data, on-line ID or one, or several
specific factors determining the physical, physiological, genetic, mental, economic, cultural or social
identity of a natural person. Personal data processing is, in principle, any act on personal data,
whether or not it is carried out automatically, e.g. collection, storage, retention, organisation,
modification, viewing, use, sharing, limiting, erasure or destruction. JBG-2 processes personal data
for different purposes but depending on the purpose, various ways of collection, legal basis for
processing, use, disclosure and retention periods may apply.
2.2. When does this Privacy Policy apply?
This Privacy Policy applies to all cases in which JBG-2 is a Data Controller and processes personal
data. This applies to both cases in which JBG-2 processes personal data collected directly from the
Data Subject, as well as cases where we have collected personal data from other sources. JBG-2
fulfils its information duties in both cases above-mentioned, i.e. in accordance with Articles 13 and
14 of the GDPR.
The Data Controller means a natural or legal person, public authority, entity or other entity which
individually or jointly with others determines the purposes and ways of processing personal data, and
in this case, the Data Controller is JBG-2, in accordance with the following information:
„JBG – 2” sp. z o.o. with its registered office in Warszowice (43-254), ul. Gajowa 5, the records in the
Register of Entrepreneurs of the National Court Register in the District Court in Gliwice, X
3 | Page
Commercial Division of the National Court Register, KRS number 0000066339, NIP number [Taxpayer
Identification Number]: 6342383421, share capital in the amount of PLN 2.300.000,00.
JBG-2 has designated within its structures a contact person for issues related to personal data -
Inspector for the Protection of Personal Data iod@jbg2.com. In case of any questions or doubts
related to the processing of personal data by JBG-2, please contact us at the above-mentioned e-mail
address.
2.3. In what way, on the basis of which legal basis and what types of
personal data are processed by JBG-2?
We would like to be transparent about the ways and legal basis of processing personal data as well as
the purposes for which JBG-2 processes personal data. We make all effort to indicate the necessary
information in this respect to each person whose personal data are processed by JBG-2 as a Data
Controller. In order to make our explanation of these issues as clear as possible, we present the
following list of personal data processing operations in connection with the operated website.
At the same time, we would like to point out that whenever we process personal data on the basis of
the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), we try to analyse and
balance our interest and the potential impact on the Data Subject (positive and negative) as well as
the rights of the Data Subject under the provisions on personal data protection. We do not process
personal data on the basis of our legitimate interest if we conclude that the impact on the Data
Subject would outweigh our interests (in this case we may process personal data if we have
appropriate consent or it is required or permitted by law).
A. Personal data processing of the visitors of the website operated by JBG-2.
In connection with your use of our website, we process the personal data sent by your browser to
our server. The processing of this personal data is necessary for the proper functioning of our
website and to ensure the stability and safety of the user. The processing is carried out on the basis
of Art. 6(1)(f) of GDPR. The data processed should include: IP address, date and time of session start,
time zone information, source page information, access status/http access code, page address,
browser type, operating system and its interface, software language and version of the browser.
The information concerning cookies may be found in point 3 of this Privacy Policy.
B. Personal data processing within the contact form.
In the ‘contact’ tab on our website you will find a contact form that allows you to submit a query
with respect to the business activity conducted by JBG-2.
The contact form collects from the user the following data: first name and surname, e-mail address
and telephone number. Optionally, within the content of the query, the user can make available to
JBG-2 other personal data which are provided voluntarily and in accordance with the will expressed
by the user. The data such as first name and surname, e-mail address or telephone number is
necessary in order for the user to make them available because by providing them we will be able to
accomplish the intended goal, i.e. provide an answer to the question asked by the user.
The contact form meets the requirements of Article 5(1)(c) of the GDPR, i.e. the personal data
processed are adequate, relevant and limited to what is necessary for the purposes for which they
are processed ('data minimisation').
4 | Page
Personal data are processed on the basis of the user’s consent using the contact form, i.e. on the
basis of Article 6(1)(a) of the GDPR. The consent is given on a voluntary basis and by way of your
actions agrees to process his personal data (Article 7 of the GDPR).
It is also crucial that the user independently decides which data he/she provides within the
framework of the contact form with the exception of the necessary minimum information such as
first name, surname and the query itself.
The full scope of rights and obligations of the user in relation to the processing of personal data (in
accordance with Article 13 of the GDPR) has been included in the information clause in point 2.6.
Privacy Policy.
C. Personal data processing within the Google Analytics.
Our website uses Google Analytics, a web analytic service provided by Google Inc (1600
Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies stored on the
user’s computer which enable the analysis of the use of the website. The information generated by
the cookies about the use of our website is usually transferred to a Google server in the USA and
stored there. Google will use this information on behalf of the operator of this website for the
purpose of evaluating the use of the website, compiling reports on website activity and providing
other services relating to website activity and internet usage. In exceptional cases where personal
data are transferred to USA, Google provided the EU-USA Privacy Shield.
IP address sent by Google Analytics will not be linked with other data by Google.
You can prevent the storage of cookies by setting your browser software. However, it needs to be
remembered that if you do this, you may not be able to use all the functions of the website. You may
also prevent Google from collecting the data generated by the cookies and related to your use of the
website (including your IP address), as well as the processing of this data by Google using the
appropriate browser plug-in.
We use Google Analytics to analyse and improve the use of our website. Thanks to the statistics, we
may improve our offer and make it more interesting for you as a user.
This website also uses Google Analytics to analyse the number of visits on various devices by means
of a user’s ID.
The legal basis for the processing of personal data is Art. 6(1)(f) of GDPR.
The full scope of the rights and obligations of the user in relation to the processing of personal data
(in accordance with Article 13 of the GDPR) has been included in the information clause in point 2.6.
Privacy Policy.
D. Social Media
On our website you will find links to social networking sites, where information about us and our
activities is posted. The data administrators of those data are the owners of that social networking
sites.
E. Website integration with Google Maps
As part of our website, we also use Google Maps. That is why, we provide the possibility of displaying
the interactive map directly on the website and the convenience of using the map's functions.
5 | Page
In relation to the use of Google Maps, the provisions of section C apply.
2.4. How long do we process personal data?
The length of time we may process personal data depends on the legal basis on which the processing
of personal data is legally required by JBG-2. In the applicable JBG-2’s policies we determine that we
must never process personal data for a period longer than is required by the above-mentioned legal
basis. Accordingly, we inform you that:
a) In the case if JBG-2 processes personal data on the basis of the consent, the processing
period lasts until the intended purpose is achieved or the fixed archiving period expires, in
any case contact form - for the period of the parties' correspondence on the question asked.
b) in case if JBG-2 processes personal data on the basis of justified interest of the Data
Controller, the processing period lasts until the above-mentioned interest ceases (e.g. period
of prescription of civil law claims) or until the Data Subject objects to such processing - in
situations where such objection is legally possible.
a) In the event that JBG-2 processes personal data because it is necessary due to the applicable
legal regulations, the periods of data processing for this purpose are determined by these
regulations.
2.5. When and how do we transfer personal data with third parties? Do we
transfer personal data to third countries?
We only transfer personal data to others if we are permitted to do so by law. In such a case, we
provide for data protection provisions and security features in the relevant agreement with a third
party in order to protect your personal data and to maintain our standards in the scope of data
protection, confidentiality and security.
If we transfer personal data, of which we are the administrator, to other entities for the performance
of certain activities on our behalf, we conclude a special agreement with such an entity. Such
agreements are called personal data processing agreements (Art. 28 of GDPR), thanks to it, JBG-2 has
control over how and to what extent the entity, to which JBG-2 entrusted the processing of certain
categories of personal data, processes them. Personal data processing agreements include
obligations that the personal data processing entity:
- processes personal data exclusively on the Data Controller's documented instructions - including
the transfer of personal data to a third country or an international organisation - unless such an
obligation is imposed on the Data Controller by the Union law or by the law of the Member State of
the processing entity, in such a case the processing entity shall inform the Data Controller of this
legal obligation prior to the start of the processing, provided that this right does not prohibit the
provision of such information on the grounds of important public interest;
- ensures that persons authorised to process personal data have undertaken to keep confidentiality
or are subject to an appropriate statutory confidentiality obligation;
- takes all measures required under Article 32 of the GDPR;
6 | Page
- considering the nature of the processing, it shall, as far as possible, assist the Data Controller,
through appropriate technical and organisational measures, to comply with the Data Subject's
requests for the exercise of its rights set out in Chapter III of the GDPR;
- considering the nature of the processing and the information available to this entity, it shall assist
the Data Controller in fulfilling the obligations set out in Articles 32 to 36 of the GDPR;
- upon termination of the provision of processing services, depending on the decision of the Data
Controller, the processing entity erasures or returns any personal data and deletes any existing
copies, unless the Union law or the law of a Member State requires the storage of personal data;
- makes available to the Data Controller all information necessary to demonstrate compliance with
the obligations set out in Article 28 of the GDPR and allows the Data Controller or auditor authorised
by the Data Controller to carry out audits, including inspections and contributes to them.
In relation to personal data collected by JBG-2 within the operated website http://jbg2dps.com/, no
provision is made for personal data to be made available to third parties, with the exception of
possible access:
- IT company operating the website on behalf of JBG-2;
- entities providing hosting services for JBG-2;
- entities carrying out marketing or sales campaigns for JBG-2;
- other JBG-2’s subcontractors providing services in the field of software, software maintenance
services including website.
Additionally, as it was pointed out previously, JBG-2 is a part of JBG corporate group of companies
and as a result, certain personal data may be transferred to other companies in the JBG corporate
group, which constitutes a legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).
In the case of personal data transferred outside the territory of the Republic of Poland, it should be
noted that: cross-border transfers may concern the countries which do not belong to the European
Economic Area (‘EEA’) and countries in which there are no regulations specifying special protection
of personal data. We have taken steps to ensure adequate protection of all personal data and the
lawfulness of the transfer of personal data also outside the EEA. In the case of transfer of personal
data outside the EEA to the country, which according to the European Commission does not ensure a
proper level of protection of personal data, the transfer takes place exclusively on the basis of an
agreement considering the EU requirements in the scope of the transfer of personal data outside the
EEA.
2.6. What are the rights of Data Subjects and how to exercise them?
[information clause]
Natural persons have certain rights concerning their personal data and JBG-2, as the Data Controller,
is responsible for the exercise of these rights in accordance with applicable laws. If you have any
questions or requests concerning the scope and exercise of your rights, as well as to contact us in
order to exercise your specific data protection rights, please contact us at the following e-mail
address:
iod@jbg2.com.
7 | Page
We reserve the right to exercise the following rights after positive verification of the identity of the
person applying for a given action.
A. Access to personal data
Natural persons have the right to access the data that we store as a Data Controller. This right mat be
exercised by sending e-mail to the address: iod@jbg2.com.
B. Modification, rectification or erasure of personal data
Modifications, including updating, rectification or erasure of personal data which are processed by
JBG-2 may be carried out by sending e-mail to the address: iod@jbg2.com.
The right to erasure data may be exercised e.g. when personal data of a natural person will no longer
be necessary for the purposes for which they were collected by JBG-2 or a natural person withholds
its consent for data processing by JBG-2. Additionally, if a natural person objects to the processing of
his or her data or if his or her data will be processed unlawfully. The erasure of such data should be
carried out in order to comply with a legal obligation.
C. Withdrawal of the consent
In the event of personal data processing on the basis of a consent, natural persons have the right to
withdraw this consent at any time. We inform about this right at any time during the collection of
consents and allow you to withdraw your consent as easily as it was given. If there is no different
information, i.e. if we have not provided a different address or contact number for withdrawal of the
consent, please send us an e-mail at the following address: iod@jbg2.com.
D. Right to the restriction of processing or object to the processing of personal data
Natural persons have the right to restrict or object to the processing of their personal data at any
time, on the basis of their particular situation, unless processing is required by law.
Natural person may object to the processing of personal data, if:
- the processing of personal data is based on the legitimate interest of the Data Controller or for
statistical purposes and the objection is justified by the particular situation in which it finds itself;
- personal data are processed for the purposes of direct marketing of the Data Controller, including
profiled for this purpose.
In relation to the request to restrict the processing of personal data, we inform you that it is possible
when:
-the Data Subject argues against the correctness of the personal data - for a period allowing the Data
Controller to check the correctness of the data;
- the processing is unlawful and the Data Subject objects to the erasure of personal data and instead
demands the restriction on their use;
- the Data Controller no longer needs personal data for the purposes of the processing, but they are
needed by the Data Subject for the determination, assertion or defence of claims;
- the Data Subject has objected under Article 21(1) of the GDPR to the processing of personal data by
the Data Controller, -until it is determined whether the Data Controller's legitimate grounds are
superior over the Data Subject's grounds for objection.
8 | Page
E. Right to data transfer
The Data Subject has the right to receive, in a structured, machine-readable format in common use,
personal data relating to him/her that has been supplied to the Data Controller and has the right to
forward those personal data to another Data Controller without hindrance of the Data Controller to
whom the personal data have been supplied, if any:
- the processing is carried out on the basis of the consent in accordance with Article 6(1)(a) of the
GDPR or Article 9(2)(a) of the GDPR; or
- under the agreement within the meaning of Article 6(1)(b) of the GDPR; and
- the processing takes place in an automated manner
In exercising the right of personal data transfer, the user has the right to demand that it is sent by the
Data Controller directly to another Data Controller, as far as it is technically possible.
The right of data transfer shall not adversely affect the rights and freedoms of others.
If you wish to exercise these rights, please send an e-mail to the following address: iod@jbg2.com.
F. Further questions, concerns and complaints
If you have any questions, objections or concerns about the content of this Privacy Policy or the way
in which we process personal data, as well as complaints concerning these issues, please send us an
email with details to the following e-mail address: iod@jbg2.com. All complaints we receive will be
considered and answered.
Persons whose personal data are being processed by JBG-2 have the right to lodge a complaint to the
supervisory authority, which is the President of the Office for Personal Data Protection at Stawki 2,
00-193 Warszawa.
3. Cookies
As it was explained in point 2.3. A we use cookies as part of this website. That is why, we would like
to inform you about the most important elements of cookies so that your use of our website is clear
and understandable to you.
3.1. What are cookies?
Cookies are small files that are stored on your electronic device by the websites that you visit.
Cookies contain different information that is often necessary for the website to function properly.
Cookies are encrypted in such a way that unauthorized persons do not have access to them.
Information collected on the basis of cookies may be read only by JBG-2 as well as - due to technical
reasons - trusted partners whose services we use. What is more important, cookies cannot run
programs or transfer viruses to electronic devices.
3.2. Why do we use cookies?
We divide cookies, according to the purpose for which we use them, on:
9 | Page
Basic cookies - installed if the user has given the consent by means of software settings installed on
the electronic device. These cookies include technical and analytical cookies.
Technical cookies - are necessary for the website to function properly. We use them in order to:
- ensure that the website is displayed correctly - depending on which device you are using,
- adapt our services to your choices which are relevant to the operation of the website from technical
point of view, e.g. language chosen,
- remember whether you give a consent to the display of certain content.
Analytical cookies - are necessary to settle with business partners or to measure the effectiveness of
our marketing activities without identifying personal data and to improve the functioning of our
website. We may use them to:
- examine statistics concerning website traffic and check its sources (redirections),
- detect various types of abuse, e.g. artificial Internet traffic (bots).
3.3. How long will we use cookies?
We also divide all cookies according to the time for which they are installed in the user's browser:
Session cookies - remain on the user's device until the user leaves the website or turns off the
software (browser). They are mostly technical cookies.
Permanent cookies - remain on the user's device for the time specified in the file parameters or until
they are manually deleted by the user.
3.4. Can I refuse to accept cookies?
You can always change your browser settings and reject requests for cookies. However, before you
decide to change your settings, please note that cookies serve your convenience in using the
website. Disabling cookies may have influence on how our website is displayed in your browser. In
some cases, the website may not display at all.
3.5. How to disable cookies?
You can delete cookies from your browser at any time and block their reinstallation.
Depending on the browser you use, the option to delete or withdraw your consent to the installation
of cookies may vary. In this case, please refer to the user's manual available from the browser on
your electronic device.
4. Final provisions
Are changes to this Privacy Policy possible and when?
We are obliged to review this Privacy Policy on a regular basis and to amend it when it is necessary or
desirable to do so: new legislation, new guidelines for data protection authorities, best practices in
the area of personal data protection (Codes of good practice, if JBG-2 will be bound by such Codes, of
10 | Page