GDPR Information Obligation

The information below is a concise, understandable, and transparent summary of the details provided in the Privacy Policy regarding the Data Controller, the purposes and methods of personal data processing, and your rights in relation to this processing, in the form required to fulfill the GDPR information obligation. Details about the processing methods and entities involved in this process are available in the specified policy.

Who is the data controller?

The Personal Data Controller (hereafter referred to as the Controller) is “DG TANK LIMITED LIABILITY COMPANY”, operating at the address: UL. GÓRSKA 151, 34-122 Wieprz, Poland, with the tax identification number (NIP): 5512623149, providing services electronically via the Website.

How can you contact the data controller?

You can contact the Controller in one of the following ways:

Postal address – DG TANK LIMITED LIABILITY COMPANY, UL. GÓRSKA 151, 34-122 Wieprz, Poland

Email address – info@dgtank.pl

Telephone connection – +33 873 29 70

Contact form – available at: https://dgtank.pl/kontakt

Has the Administrator appointed a Data Protection Officer?

Based on Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For issues related to data processing, including personal data, please contact the Administrator directly.

Where do we obtain personal data from, and what are their sources?

Data are obtained from the following sources:

• From the individuals whose data are concerned
• In the case of registration using social media portals, with their expressed and informed consent, from these social media portals

What is the scope of personal data processed by us?

In the service, personal data are processed that are voluntarily provided by the individuals concerned (e.g., name and surname, login, email address, phone number, IP address, etc.)

The detailed scope of processed data is available in the Privacy Policy.

What are the purposes of our data processing?

Personal data voluntarily provided by Users are processed for one of the following purposes:

• Realization of electronic services:

• Service of registration and maintenance of the User’s account in the Service and functionalities associated with it

Service of commenting/liking entries in the Service without the need to register

• Communication of the Administrator with Users in matters related to the Service and data protection
• Ensuring the legally justified interest of the Administrator

What are the legal bases for data processing?

The service collects and processes Users’ data based on:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Art. 6(1)(a) – the data subject has given consent to the processing of their personal data for one or more specific purposes
• Art. 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
• Art. 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
• Act of 10 May 2018 on personal data protection (Journal of Laws 2018, item 1000)
• Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004, No 171, item 1800)
• Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No 24, item 83)

What is the legitimate interest pursued by the Administrator?

• For the purpose of possibly establishing, pursuing, or defending against claims – the legal basis for processing is our legitimate interest (Art. 6(1)(f) GDPR) consisting of the protection of our rights, including but not limited to:
• Assessing the risk of potential clients
• Assessing planned marketing campaigns
• Conducting direct marketing

For how long do we process personal data?

As a rule, the indicated personal data are stored only for the period of providing the service within the Administrator’s service. They are deleted or anonymized within 30 days after the end of service provision (e.g., deletion of a registered user account, unsubscribing from the Newsletter list, etc.)

In exceptional situations, to secure the legally justified interest pursued by the Administrator, this period may be extended. In such a case, the Administrator will store the indicated data, from the time of their request for deletion by the User, no longer than for a period of 3 years in the event of a breach or suspicion of a breach of the service regulations by the person concerned.

Who is the recipient of the data, including personal data?

As a rule, the only recipient of the data is the Administrator.

However, data processing may be entrusted to other entities, performing services for the Administrator to maintain the operation of the Service.

Such entities may include, among others:

• Hosting companies, providing hosting services or related services for the Administrator
• IT service and support companies responsible for maintaining IT infrastructure

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union unless they have been published as a result of an individual action by the User (e.g., posting a comment or entry), which will make the data available to anyone visiting the service.

Will personal data be used for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have related to the processing of personal data?

• Right of access to personal data

Users have the right to access their personal data, realized upon request made to the Administrator

• Right to rectification of personal data

Users have the right to request the Administrator to immediately rectify incorrect personal data and/or complete incomplete personal data, realized upon request made to the Administrator

• Right to erasure of personal data

Users have the right to request the Administrator to immediately delete personal data, realized upon request made to the Administrator.

In the case of user accounts, deletion of data involves anonymization of data enabling user identification.

In the case of the Newsletter service, the User has the option to independently delete their personal data using the link placed in each sent email message.

• Right to restriction of processing of personal data

Users have the right to restrict the processing of personal data in the cases indicated in Art. 18 GDPR, including questioning the accuracy of personal data, realized upon request made to the Administrator

• Right to data portability

Users have the right to receive from the Administrator personal data concerning the User in a structured, commonly used and machine-readable format, realized upon request made to the Administrator

• Right to object to the processing of personal data

Users have the right to object to the processing of their personal data in the cases specified in Art. 21 GDPR, realized upon request made to the Administrator

• Right to lodge a complaint

Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.