Home » Cookies Policy
Südzucker Polska SA is committed to protecting your privacy and related personal data, and ensuring required data security. Südzucker Polska SA processes your personal data only in accordance with the rules described below and applicable personal data protection law, in particular the Personal Data Protection Act of 10 May 2018 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) (Official Journal of the EU, L 119, 2016, p. 1).
I. Name and address of the Controller
The controller of your personal data is:
Südzucker Polska S.A. with the registered office in Wrocław, ul. Muchoborska 6, tel. +48 71 79 88 900, fax +48 71 79 88 901, e-mail: email@example.com, www.suedzucker.pl, District Court for Wrocław-Fabryczna, 6th Division of the National Court Register, with the reference number KRS 0000134177, share capital of PLN 197,087,493 fully paid up
If you wish to exercise your rights of access, correction, rectification, erasure, or restriction of processing or if you wish to exercise your right to object to the processing of your personal data by Südzucker or the right to personal data portability, you can do so by sending an appropriate declaration to the address of Südzucker’s registered office given above, the Company’s e-mail address or the e-mail address of the Data Protection Officer.
II. Name and address of the Personal Data Protection Officer
Südzucker appointed a Data Protection Officer (hereinafter the “DPO”) who can be reached at: Südzucker Polska S.A., ul. Muchoborska 6, 54-424 Wrocław, tel.: +48 71 79 88 900, fax: +48 71 79 88 901, Company e-mail: firstname.lastname@example.org or Inspektor.Danych.Osobowych@suedzucker.pl
III. General Information About the Processing of Personal Data
1. Scope of processing of personal data
We process the personal data of users (hereinafter “Users”) of Südzucker websites (www.suedzucker.pl including Planter website www.rmp.szgroup.de www.cukier-krolewski.pl, www.muzeumcukrownictwa.pl) and Internet profiles, including social media profiles (Facebook fanpage: Zycie jest słodkie, Instagram: https://www.instagram.com/cukierkrolewski/), and websites of Suedzucker Polska S.A. (application at www.slodkigest.pl) used to promote the Cukier Królewski brand owned by Suedzucker Polska S.A., however, in principle only if it is necessary for the functioning of the website, considering the information or content published on the website. Users’ personal data are processed only based on the consent of such users except in cases when the processing of personal data without the data subject’s consent is permitted by the law.
2. Legal basis for processing of personal data
If the processing of personal data requires the data subject’s consent, the legal basis of processing is Article 6(1)(a) of the GDPR.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis of processing is Article 6(1)(b) of the GDPR. This applies also to processing operations which are necessary to take steps prior to entering into a contract.
If the processing of personal data is necessary for Südzucker’s compliance with a legal obligation, the legal basis of processing is Article 6(1)(c) of the GDPR.
If the vital interests of the person concerned or of another natural person require personal data processing, the legal basis of processing is Article 6(1)(d) of the GDPR.
If data processing is necessary for the purposes of the legitimate interests pursued by Südzucker or by a third party, except where such interests are overridden by the interests, fundamental rights or freedoms of the data subject which require protection of personal data, then the legal basis is Article 6(1)(f) of the GDPR.
3. Data erasure and storage period
The personal data of the data subject is erased as soon as the purpose of processing has ceased to exist. Data can be stored after the purpose of processing has ceased to exist if provided for by applicable law. In such a case, data is erased when the storage period allowed by such law has elapsed.
IV. Accessing a website and reporting login details
Each time you access a Südzucker website, the following data and information from the accessing computer system is automatically stored in our system:
(1) information about the type and version of the Internet browser;
(2) User’s operating system;
(3) User’s IP address;
(4) time of visit;
(5) websites from which the User’s system has been directed to our website;
(6) websites reached by the User’s system via our website.
Data is also stored in the log files in our system. It is stored together with other personal data of the User for up to 30 days.
2. Legal basis for data processing
The legal basis for the temporary storage of personal data in log files is Article 6(1)(f) of the GDPR.
3. The purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the User’s computer. For this purpose, the User’s IP address must be stored for the duration of the website visit.
Log files are stored to ensure the smooth functioning of the website. Additionally, they are used for website optimisation and ensuring the security of our technical and IT systems. In this case, we do not analyse data obtained for the purposes of marketing.
4. Storage period
Data is erased as soon as it is no longer required for the purposes for which it was collected. If data is recorded in order to provide access to a website, it is erased upon completion of the visit.
Log files are erased after 30 days. They can be stored for a longer period provided that Users’ stored IP addresses have been made anonymous so as to prevent identification of the User who visited our website.
V. Cookies and other technologies
A cookie is a small text file saved by a website on your computer, phone, or any other device. Cookies contain data about your use of the website.
By default, web browsers permit for cookies to be stored on your device and to access your device. Some cookies are necessary to make our website work. In other cases, when you first enter our website, we will ask you to agree to installing cookies on your device. If you don’t agree, cookies other than the required cookies will not be installed on your device.
At any time, you can change your cookies settings by means of selecting the relevant options here or by going to the settings menu of your browser. More information on this topic is available at http://www.youronlinechoices.com/pl/twojewybory. If you disable certain cookies, we will consider this to mean the lack of your consent or the withdrawal of your consent—as a result, we will no longer process your data in this respect.
Below, you can read about which cookies we use specifically and, as a result, which companies we may share your data with.
Which cookies do we use?
1. Necessary cookies
- These cookies ensure proper functioning of the website. Unfortunately, you cannot disable them because our website would simply be unable to function.
- In this respect, we use the rodoCookieSettings file, which stores your privacy settings. This includes your consent (or the lack of it) to launching particular types of cookies on our website.
- Other necessary cookies on our website are intended to ensure proper functioning and management of e.g. other tracking tools you accept through the Google Tag Manager.
2. Statistical analyses concerning our website
- We use tools that collect statistical data, which allows us to understand how users use our website. The data we receive from these tools does not provide us with information about specific persons and we do not combine this data with the data you provide us with.
- We use Google Analytics. Google may collect on its servers data acquired from the cookies of various websites. It uses this information in order to compile reports related to website traffic.
- The information Google Analytics collects about users includes for instance the number of times a user has visited the website, the date of the first and last visit, the duration of the visits, the page from which the user entered the website, the search engine used by the user, the links clicked by the user, the location in the world from which the user accesses the website, etc.
- We use Google Analytics in such a way that the IP address is shortened before being forwarded. Only in special cases we transmit your full IP address to Google’s server in the USA where it is shortened. In principle, your anonymized IP address processed by Google Analytics is not combined with other Google data.
- You can prevent Google Analytics from recording information originating from your browser by installing a special plug-in available tutaj. Further detailed information about the functioning of Google Analytics is available here.
- Some of the videos on the website are embedded using YouTube plugins (YouTube is owned by Google). When you play a video on our website, Google is informed about that fact by your browser, even if you don’t have a Google/YouTube account or are currently not logged in. If you have logged in to Google, Google will be able to directly assign the playback of the video to your profile.
- If you want to prevent YouTube from collecting information about your activity on our website, you can:
- decide not to play the video (we inform you about this prior to every playback of a video, unless you have given your general consent to YouTube cookies. Consent to playing a video will be treated by us as consent to play other videos on our website, as well—until you revoke your consent, i.e. until you change your decisions with respect to cookies here), or
- reject YouTube cookies on our website, or
- log out from YouTube.
- More information about the way in which YouTube processes data is available here
The legal basis for our processing of the necessary cookies (as described in section 1, above) is our legitimate interest, i.e. the right to operate a website that supports our business as well as the need to make sure that this website is secure. The legal basis for our use of other cookies is your consent.
How long do the cookies stay on the user’s device?
This depends on whether they are persistent or session cookies. Session cookies, which contain the information necessary to make sure that the browser’s functionalities work correctly, expire at the end of the user’s session (in other words, every time the user closes the website). Persistent cookies, which facilitate the use of the website (for instance, they remember the screen resolution, the layout of content, and the user’s preferences), will be stored by the browser for a longer time, until their expiry date comes, unless the user first deletes them on his or her own, using the settings menu of the browser. Please remember that cookies of external entities are governed by the privacy policies of these entities.
VI. Contact by e-mail
1. Description and scope of data processing
The Südzucker website includes an e-mail address that can be used to contact the company. If the User takes advantage of this possibility, their personal data included with the e-mail address will be stored. Data stored is not made available or transferred to any third parties, but it is used only to engage in and process any conversations/correspondence using the e-mail address.
2. Legal basis for data processing
The legal basis of processing of data sent by Users to the e-mail address included in the Südzucker website is Article 6(1)(f) of the GDPR.
3. The purpose of processing of personal data
Personal data sent to the e-mail address included in the Südzucker website or a data entry mask is processed only to handle the contact form submissions. This is also the basis of our legitimate interest in the processing of such personal data.
4. Storage period
Data is erased as soon as it is no longer required for the purpose for which it was collected. If personal data is sent by e-mail or via a data entry mask, it is erased upon completion of the conversation/correspondence with the User. The conversation/correspondence is deemed completed if it can be assumed on the basis of facts and content that the case at hand has been solved.
5. Opportunity to object and erase data
The User can at any time withdraw consent to the processing of their personal data. If the User contacts us by e-mail, they can object at any time to the storage of their personal data. In such a case, the conversation/correspondence can not be continued and User’s personal data that has been collected and stored by Südzucker in relation with the User’s use of the e-mail address included in our website are deleted.
VII. Google maps
1. Description and scope of data processing
Our website uses Google Maps api to present geographic information to our clients. The service is provided by Google LLG., 1600 Parkway Mountain View, CA 94043, USA. When using Google Maps or visiting a website, data is usually collected, processed and stored. More information about data processing by Google can be found in Google data protection guidelines.
2. Purpose and legal basis for data processing
By using Google Maps, website functionality is improved. The purposes of processing referred to above form a legitimate interest (Article 6(1)(f) of the GDPR).
3. Opportunity to object and erase data
You can object to the collection, storage and use of information by Google at any time with effect for the future by installing a browser plugin provided by Google.
VIII. Rights of the data subject
If your personal data is being processed, your rights under the GDPR as regards the controller are as follows:
1. Right of access to personal data by the data subject
You may require the data controller to confirm if your personal data is being processed. If it is, you can require the controller to provide the following information:
(1) purposes of processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject and to object to such processing;
(6) the right to lodge a complaint with a supervisory authority.
You have the right to require information of your personal data is transferred to a third country or to an international organisation. In this respect, you can also require information about the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
To exercise your right to obtain information referred to above, please contact us directly using the contact details included in our website or contact our data protection officer (see items I and II).
2. Right to rectification
You have the right to request from the data controller rectification and/or completion of data, provided that your personal data subject to processing is incorrect or incomplete. The controller must immediately perform the rectification.
3. Right to restriction of processing
You can require restriction of processing of personal data concerning you in the following cases:
(1) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(4) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where personal data processing has been restricted, such data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The controller notifies the restriction of processing to the data subject who required the restriction according to the above criteria.
3. Right to erasure
a) obligation of erasure
You can require the controller to erase personal data concerning you without delay and the controller shall have the obligation to erase such personal data without undue delay where one of the following grounds applies:
(1) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(2) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(3) the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
(4) the personal data has been unlawfully processed;
(5) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
b) Information made available to third parties
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply if processing is necessary in the following situations:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(4) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
(5) for the establishment, exercise or defence of legal claims.
5. Right of notification
If you have exercised your right to request from the controller rectification or erasure of personal data or restriction of processing of personal data, the controller is obliged to notify all recipients to whom the personal data has been disclosed of the rectification or erasure of personal data or restriction of processing of personal data, except where it is impossible or involves disproportionate effort.
Upon request, you have the right to be notified by the controller of any recipients referred to above.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
(2) the processing is carried out by automated means.
In exercising your right to data portability, you can have the personal data concerning you transmitted sent directly from the controller to another controller, where technically feasible.
The right referred to above must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data which is required for the performance of a task carried out in the public interest or in the exercise of official authority by the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
8. Right to withdraw the consent to processing
If the processing of personal data is based on Article 6(1)(a) or Article 9 (2)(a) of the GDPR, you have the right to withdraw the consent to the processing of your data at any time. The withdrawal of consent shall not, however, the lawfulness of processing based on consent before its withdrawal.
9. Right to notify a personal data breach to a supervisory authority
Without prejudice to any other administrative or non-judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the Regulation (GDPR).
The supervisory authority that receives the complaint shall notify the complainant of the progress or outcome of the complaint or the complainant will have the right to bring proceedings against the supervisory authority in a case referred to in Article 78 of the GDPR.
The competent authority for data protection is the President of the Office for Personal Data Protection.
Office for Personal Data Protection
Stawki 7 Street
01-193 Warsaw, Poland
Helpline + 48 606 950 000
fax: + 48 22 531 03 01
Further information can be found on www.uodo.gov.pl.
IX. Links to other websites
Please also note that if Südzucker processes the personal data of Südzucker profile users in social networks, including facebook.com or Instagram, the controller processes only the personal data sent to them, published in their profile or made available by you through an appropriate configuration of account privacy settings in the portal. However, we can use your personal data for statistical purposes using tools provided by a given social network (such tools may also use profiling). The rules governing the processing of personal data for such purposes are defined in the portal’s terms and conditions, policies and regulations. Please read them before taking the decision to make your data available or to determine the scope and manner of making your data available.
We take all security measures to protect your personal data from unintended or unlawful access, erasure, alteration, loss or unauthorised disclosure.
Whenever your data is transmitted through our website, we use a secure socket layer (SSL) to encrypt it. We also protect our website and our other systems and personal data with appropriate technical and organisational measures, in particular from loss, destruction, unauthorised disclosure, alteration or transmission of data to third parties.
Version 1.0, May 2018