AmRest - Identity Hub

PRIVACY POLICY FOR THE https://webwepfrancfdbpass.azurewebsites.net WEBSITE

DEFINITIONS
1. Controller - AmRest Spółka z o.o. with its registered office in Wrocław, address: Powstańców Śląskich Street 15-17, 53-332 Wrocław.
2. Personal Data - information about an identified or identifiable natural person through one or more factors specific to physical, physiological, genetic, psychological, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.
3. Policy - this Privacy Policy.
4. GDPR- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
5. Service - this website operated by the Controller at https://webwepfrancfdbpass.azurewebsites.net for unlocking Users' passwords.
6. User - an employee or associate of the Controller and the Controller's affiliates, visiting the Service or using the functionalities described in the Policy.
DATA PROCESSING IN CONNECTION WITH USING THE SERVICE
1. In connection with the User's use of the Service, the Controller shall collect data to the extent necessary to provide the offered service of unlocking the password, as well as information on the User's activity on the Service. Below are described the detailed principles and purposes of the processing of Personal Data collected by the User while using the Website.
PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE SERVICE
USE OF THE SERVICE
1. Personal Data of all persons using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies) is processed by the Controller:
  1. in order to provide the possibility to reset the User's password - then the legal basis for the processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting in the possibility to provide current access to IT systems;
  2. for analytical and statistical purposes - in this case, the legal basis of the processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting in analyzing the Users' activity and their preferences in order to improve the used functionalities and provided services.
2. User activity in the Service, including his/her Personal Data, are recorded in system logs (a special computer program used to store a chronological record containing information on events and actions that concern the IT system used to provide services by the Controller). The information collected in the logs is processed mainly for the purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, to ensure IT system security and management, as well as for analytical and statistical purposes - in this regard the legal basis of the processing is the Controller's legitimate interest (Article 6(1)(f) of the GDPR).
COOKIES AND SIMILAR TECHNOLOGY
1. Cookies are sall text files installed on the device of the User browsing the Website. Cookies collect information making website use easier e.g. by remembering User's visits to the Website and actions performed by him/her.
  SERVICE COOKIES
2. The Controller uses so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of those services. In this regard, the Controller and other entities providing analytical and statistical services to the Controller use cookies to store information or gain access to information already stored in the User's telecommunications terminal equipment (computer, telephone, tablet, etc.). Cookies used for this purpose include:
  1. cookies with data entered by the User (session identifier) for the duration of the session (user input cookies);
  2. authentication cookies used for services that require authentication for the duration of the session;
  3. security cookies, such as those used for detecting authentication abuses (user centric security cookies);
  4. persistent cookies used to personalize the User interface for the session or a little longer (user interface customization cookies).
TOOLS USED BY ADMIN PARTNERS
GOOGLE RECAPTCHA
1. Due to the need to prevent Internet robots from performing certain functions in our System, we use the Google reCAPTCHA mechanism to examine whether the behavior of users bears any signs of robotic behavior. Detailed information about the scope and principles of data collection in relation to this service can be found under the link: https://policies.google.com/privacy/.
MANAGING COOKIES SETTINGS
1. User's consent is not required in the case of cookies, the use of which is necessary for the provision of telecommunications service (‘data transmission in order to display content’).
2. The use of cookies in order to collect data via them, including gaining access to data stored on the User's device, requires the User's consent. This consent may be withdrawn at any time.
3. Withdrawal of consent for the use of cookies is possible through the browser settings. Detailed information on this subject can be found under the following links:
  1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
  2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
  3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
  4. Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
  5. Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
4. You may at any time verify the status of your current privacy settings for the browser you are using using the tools available at the links below:
  1. http://www.youronlinechoices.com/pl/twojewybory
  2. http://optout.aboutads.info/?c=2&lang=EN
PERIOD OF PERSONAL DATA PROCESSING
1. The data is processed for the duration of the service provision, as well as for the time of filing an effective objection against data processing in cases when the legal basis of data processing is the legitimate interest of the Controller.
2. The period of data processing may be extended in case the processing is necessary to establish and assert possible claims or to defend against claims, and thereafter only in the case and to the extent required by law. After the end of the processing period, the data are irreversibly deleted or anonymized.
USER RIGHTS
1. The User has the right to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
2. The User has the right to object to the processing of data in connection with the legitimate interest of the Controller, as well as - for reasons related to the User's particular situation - in other cases where the legal basis of data processing is the legitimate interest of the Controller (e.g. in connection with the performance of analytical and statistical purposes).
DATA RECIPIENTS
1. In connection with the provision of services Personal Data will be disclosed to external entities, including in particular vendors responsible for the operation of IT systems, and entities related to the Controller, including companies in its capital group.
2. The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties who will submit a request for such information on the basis of an appropriate legal basis and in accordance with the provisions of the applicable law.
TRANSFER OF DATA OUTSIDE THE EEA
1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:
  1. cooperating with processors of Personal Data in countries for which there has been a relevant European Commission decision finding an adequate level of protection for Personal Data;
  2. use of standard contractual clauses issued by the European Commission;
  3. application of binding corporate rules approved by the relevant supervisory authority;
2. The Controller shall always give notice of its intention to transfer Personal Data outside the EEA at the stage of collection.
SECURITY OF PERSONAL DATA
1. The Controller conducts risk analysis on an ongoing basis in order to ensure that the Personal Data is processed by him in a secure manner - ensuring in particular that only authorized persons have access to the data and only to the extent necessary for the performance of their tasks. The Controller ensures that all operations on Personal Data are recorded and performed only by authorized employees and co-workers.
2. The Controller shall take all necessary measures to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.
CONTACT INFORMATION
1. Contact with the Controller is possible via e-mail address: kontakt@amrest.eu or via correspondence address: ul. Powstańców Śląskich 15-17, 53-332 Wrocław, or via phone number: 71 3861000.
2. We have appointed a Data Protection Officer with whom you can contact in all matters relating to our processing of your personal data and to exercise your rights in relation to our processing of your personal data.
3. To contact the Data Protection Officer:
  1. email us at iod@amrest.eu;
  2. call us at: 71 3861000;
  3. send a letter (preferably with the note: "Data Protection Officer") to the following address: AmRest Spółka z o.o., Powstańców Śląskich Street 15-17, 53-332 Wrocław.
CHANGES TO THE PRIVACY POLICY
1. The Policy shall be verified on an ongoing basis and updated as necessary.
2. The current version of the Policy has been adopted and is effective as of April 21, 2021.