PRIVACY POLICY AND COOKIES POLICY ON

WWW.HRMRACING.ORG

GENERAL PROVISIONS

This Privacy Policy of a website available at www.hrmracing.org (hereinafter “the Website”) is for information purposes and does not give rise to any obligations for the Website users. The Privacy policy sets out the rules of processing personal data by the Website administrator, including the purpose and scope of such processing, the rights of data subjects and information about the use of cookie files and analytical tools.

The controller of personal data collected via the Website is HRM Racing Foundation seated in Poznań, entered into the National Court Register of Associations, Other Social and Professional Organisations, Foundations and Public Health Care Institutions under no KRS 0000570896; registration court which keeps the Foundation’s documents: District Court (Sąd Rejonowy) in Poznań – Nowe Miasto i Wilda in Poznań, VIII Economic Division of the National Court Register; registered and correspondence address at ul. Marcelińska 90, 60-324 Poznań, NIP (tax identification number): 7811913873, business identification number (REGON): 362235263, e-mail address: info@hrmracing.org, phone number: +48 603 410 933 (charges according to the Operator’s tariff) (hereinafter: “HRM Racing“, “the Owner” or “the Administrator“).

The Controller processes personal data on the Website in accordance with the applicable provisions of law, including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “the GDPR“. The official text of the GDPR: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679
You use the Website voluntarily. Using the Website does not require from you any personal data, unless you want to use the contact form available on the website – in that case you must provide your contact details in the scope specified in the Website’s Terms of Use and failure to provide the data makes it impossible to send the given contact form.

The Administrator exercises due diligence to protect the interest of data subjects, in particular the Controller is responsible for and ensures that the data it collects are: (1) processed lawfully; (2) collected for specific, lawful purposes and are not further processed in a way incompatible with those purposes; (3) adequate, relevant in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Considering the nature, extent, context and purpose of the processing and the risk of infringing the rights or freedom of a natural person of varied probability and varied scale of threat, the Administrator implements adequate technical and organisational measures to process data in compliance with this regulation and be be able to demonstrate it. The measures are subject to review and update if needed. The Administrator applies technical measures to protect electronically sent data from unauthorized access and modification.

CONTACT DETAILS

The Administrator’s contact details

HRM Racing Foundation
ul. Marcelińska 90, 60-324 Poznań
e-mail: info@hrmracing.org
telephone: +48 603 410 933

BASIS FOR THE PROCESSING

The Administrator may process personal data if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; (4) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Each processing of personal data by the Administrator requires the occurrence of at least one of the above grounds. Specific grounds for the Administrator’s processing of the personal data of Website users are indicated in the subsequent paragraph of the Privacy Policy – with reference to a given purpose of processing.

PURPOSE, BASIS DURATION AND SCOPE OF DATA PROCESSING ON THE WEBSITE

In each case the purpose, basis, duration and scope as well as the recipients of personal data processed by the Administrator depends on the user’s activity on the Website. The Administrator may process personal data on the Website for the following purposes, on the following grounds and in the following scope:

Purpose of data processing

Legal basis for the processing and retention period

Scope of data processing

Newsletter

The basis of processing of the personal data is

1) Article 6(1)(a) GDPR (consent of the data subject)

Moreover, the basis of receiving commercial information, distributed within the Newsletter, is Your consent, pursuant to art. 10 sec. 2 of the Act of 18 July 2002 on Electronic Provision of Services, which is granted at the moment of signing to the Newsletter.

The retention of data is respectively:

1) for the period of providing newsletter service or till the withdrawn of the consent;

2) for the duration of the legitimate interest pursued by the Administrator, in order to demonstrate that newsletter services were provided on the basis of previous consent of data subject.

e-mail address and Name

Recruitment procedure, responding to a recruitment application,

Depending on the purpose of the contact:

1) Article 6(1)(a) GDPR (consent of the data subject) or

2) Article 6(1)(b) GDPR (performance of a contract or taking steps at the request of the data subject prior to entering into a contract)

The retention of data depends on the legal basis – respectively:

1) for the recruitment process period and after it was done for the duration of membership in the HRM Racing team (in the case of admitted candidates) or the one year from the date of end recruitment (in the case of rejected candidates);

2) for the duration of the legitimate interest pursued by the Administrator however no longer than for the period of limitation of the claims against the data subject.

Contact form for the person interested to join the HRM Racing team: name, surname, e-mail, age, place of residence and other data provided by the data subject in a CV.

Contact via e-mail

The basis of processing of the personal data is:

1) Article 6(1)(a) GDPR (consent of the data subject), and after the end of the contact

2) Article 6(1)(f) GDPR (archiving of the electronic correspondence which is a legitimate interest pursued by the controller)

The personal data is retention for the period of communication with HRM Racing. After the end of the contact, the personal data may be delated, but it can be also archived, for the purpose of demonstrating the correspondence process in the future. Therefore we can not clearly identify a time when we will delete correspondence with you.

e-mail address, other data provided by the data subject in the correspondence.

DATA RECIPIENTS ON THE WEBSITE

For the Website to work properly the Administrator must use services of external providers (such as a hosting company, etc.). The Administrator uses services provided only by such processing operators who provide sufficient guarantee to implement appropriate technical and organisational measures, so that the processing meets the GDPR requirements and protects the rights of the data subject. Personal data is not transferred to any third country or to any international organisation.

The transfer of personal data by the Administrator is not done each time and is not done to all recipient or categories of recipients indicated in the Privacy Policy – the Administrator transfers data only if the Administrator has the data and if it is necessary to carry out the purpose of data processing and only in the scope necessary to carry it out.

Personal data of the Website users may be transferred to the following recipients or categories of recipients: service operators providing technical, organisational and IT solutions to the Administrator, enabling the Administrator to operate its business activity, including the Website and services offered thereon (including in particular providers of software for the Website, e-mail operators and web hosting providers). The Administrator shares the collected personal data of the user to a selected provider operating at the Administrator’s order only if and only to the extent to which it is necessary to carry out the purpose of data processing in compliance herewith.

RIGHTS OF THE DATA SUBJECT

Right to access, rectify, restrict, delete or transfer – the data subject may demand from the Administrator to have access to their personal data, to rectify it, to delete it (“the right to be forgotten”) or to restrict the processing thereof, may make an objection against the processing and may transfer their data. Detailed terms and conditions of exercising the above rights are set out in Art. 15-21 of the GDPR.
Right to withdraw the consent at any time – the data subject whose data is processed by the Administrator on the basis of their consent (according to Art. 6 (1)(a) or Art. 9(2)(a) of the GDPR) may withdraw their consent at any time and this will not affect the lawfulness of the processing done prior to the withdrawal.
The right to make a complaint to a supervisory authority – the data subject may file a complaint to a supervisory authority in the manner laid down in the GDPR and in the provisions of Polish law, including but not limited to the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
Right to object – the data subject has a right to object at any time – on the grounds related to their specific situation – against the processing of their data on the basis of Art. 6 (1)(e) (public tasks or interest) or Art. 6 (1)(f) (legitimate interest of the controller), including profiling on the basis of the same provisions. In such case the Administrator may no longer process such personal data unless the Administrator demonstrates that there are valid legitimate grounds for processing which overrides the interests, rights and freedoms of the data subject or for establishing, pursuing or defending a claim.
Right to object against direct marketing – if personal data is processed for the purpose of direct marketing, the data subject may at any time object against the processing of their data for such purpose, including the profiling, to the extent that the processing is linked to such direct marketing.

To exercise the rights referred to in this section of the Privacy Policy you may contact the Administrator by sending relevant message in writing or by e-mail to the Administrator’s address.

COOKIES ON THE WEBSITE, OPERATIONAL DATA AND ANALYTICS

Pliki Cookies (ciasteczka) są to niewielkie informacje tekstowe w postaci plików tekstowych, wysyłane przez serwer i zapisywane po stronie osoby odwiedzającej Stronę (np. na dysku twardym komputera, laptopa, czy też na karcie pamięci smartfona – w zależności z jakiego urządzenia korzysta odwiedzający naszą Stronę). Szczegółowe informacje dot. plików Cookies, a także historię ich powstania można znaleźć m.in. tutaj: http://pl.wikipedia.org/wiki/Ciasteczko.

Cookies are small pieces of text information in the form of text files sent through the server and saved on the device of the Website visitor (e.g. on the hard drive of a computer, laptop or smartphone’s memory card – depending on the device used by the Website visitor). Detailed information on cookie files with their history and origin is available at https://en.wikipedia.org/wiki/HTTP_cookie.

When a visitor uses the Website, the Administrator may process data contained in the cookie files for the following purposes: (1) provide basic functionalities of the Website such as session continuity, storage of dynamic data such as statistics, summaries, (2) adjusting the content of the Website to the Customer’s personal preferences (e.g. language of the site), (3) keeping statistics, through which may identify a way of using the Website by his users, thanks to this it is possible to improve a level of satisfaction by using the Website (user experience design) and (4) remarketing, it means a research on the behavior of Website users through anonymous analysis of their activities (e.g. from which sources they entered on Website, which content they were interested) in order to create their profile and provide them online advertisements which is close to their interests, when they visit websites which use Google Inc. Display Network plugins.
Typically the majority of available web browsers automatically accept cookies by default. Each user may define in their browser’s settings how cookies are to be used. This means you can e.g. partially limit (e.g. for a certain period of time) or completely block saving cookies – in the latter case this may affect some functionalities of the Website (for example it may become impossible to remember what language you have selected on the Website).

Browser’s cookie settings are significant when it comes to a consent for using cookie files by the Website and its Administrator – according to the provisions of law, the consent may also be expressed by the browser’s settings. If you refuse to give such consent, you should also change your browser’s cookie setting accordingly.
Detailed information on how to change cookie settings and how to delete them in the most popular web browsers is available in Help section of your web browsers .

The Administrator may use on the Website of tools called Google Analytics, Universal Analytics tools provided by Google Inc. This service helps the Administrator in analyzing the traffic on the Website. The data collected data is processed in the above service in an anonymized way (these data is called operating data, which means that it is impossible to identify a specific person) to generate statistics helpful for the Administrator of the Website. These data are aggregated and anonymous in nature. It means that they do not contain any details through which is possible to identify the visitors of the Website. The The Administrator using the aforementioned service collects such data as the source and medium of obtaining users of the Website, the way of their behavior on the Website, information which electronic devices they using, IP and domain, geographic data and demographic data (age, sex) and interests.

Specific information about using the data in the Google Analytics service you can find under the below link: https://support.google.com/analytics/answer/3379636?hl=en.

EXTERNAL LINKS

On our Website, you can also find links to the other websites. These websites are not covered by this Privacy Policy. By clicking on the link, the user will be moved to a different website. The Administrator does not have any impact on the content which is available on such website, and he also is not responsible for any acts or omissions of administrators of these websites.