Privacy policy of the INBOX24 website and the INBOX24 application
1. The privacy policy of the INBOX 24 website and the INBOX24 application is not a source of obligations for their Users. In terms of information, it contains provisions regarding the processing of personal data by the Administrator, including the statutory grounds for processing, the purposes of personal data processing and the rights of the people the data refer to. The document also includes information regarding the use of cookies and other tools.
2.The administrator of personal data collected by the INBOX24 website and the INBOX24 application is Blue Volt Ltd., located in Toruń at Żwirki i Wigury st. 70C/50A, 87 – 100 Toruń, registered by the District Court in Toruń, 7th Commercial Division of the National Court Register, into the Register of Entrepreneurs under KRS (National Court Register) numbers: 0000803308, NIP (taxpayer identification number): 9562353820, REGON (National Official Business Register): 38433382400000 - hereinafter referred to as the ‘Administrator’, which is also the Service Provider INBOX24 website and INBOX24 application, an owner of automatic delivery machines and lockers.
3. Personal data in the Application are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and in on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as ‘GDPR’ or ‘GDPR Regulation’.
4. Using the INBOX24 website and the INBOX24 application is voluntary. Similarly, providing personal data by the user is voluntary, subject to the following cases: (1) concluding contracts with the Administrator and registering on the website - failure to provide results in the inability to conclude a contract or register on the website. Each time, the scope of data required to conclude a contract is previously indicated in the regulations. (2) the Administrator's statutory obligation - providing personal data is a statutory requirement resulting from generally applicable provisions of law imposing on the Administrator the obligation to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and the lack of it will make it impossible to perform the obligations.
5. The interests of persons to whom the personal data processed by him/her relates to special protection, which is implemented primarily by assuming that the data collected by the Administrator are:
- processed lawfully
- processed lawfully
- factually correct and adequate in relation to the purposes for which they are processed
- stored in a form that allows the identification of data subjects for no longer than it is necessary to achieve the purpose of processing
- processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures
- implementing technical and organizational measures for lawful processing
- using technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.
6. The administrator is entitled to process personal data in cases and to the extent that - at least one of the following conditions is met:
- the data subject has consented to the processing of his/her personal data for one or more specific purposes.
- processing is necessary for the performance of a contract to which the data subject is a party or in order to take action at the request of the data subject prior to entering into a contract
- processing is necessary to fulfil the legal obligation imposed on the Administrator
- processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular when the data subject is a child.
7. . The processing of personal data by the Administrator requires the occurrence of at least one of the grounds indicated in point 6 of the privacy policy each time. However, each time the purpose, basis, period and scope as well as recipients of personal data processed by the Administrator stem from the actions taken by a given User of the INBOX24 website or the INBOX24 application.
8. . If it is necessary to use external entities, the Administrator guarantees the use of services of such entities that ensure sufficient security and lawfulness of processing.
9. The administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
10. . Personal data of Users of the INBOX24 website and the INBOX24 application may be transferred to the following recipients:
- entities handling electronic payments or payment cards - in case of using the method of electronic payments or card payments and to the extent necessary to handle the payment made by the Customer.
- Providers of technical, IT or organizational services (in particular, providers of computer software for running the website and applications, e-mail and hosting providers, and providers of software for managing the company and providing technical assistance to the Administrator) and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
- Accounting providers, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
11. A user using the INBOX24 website and/or the INBOX24 application has the right to:
- access, rectification, restriction, deletion (‘right to be forgotten’) or transfer of disclosed data (Articles 15-21 of the GDPR Regulation)
- object to processing (Articles 15-21 of the GDPR)
- withdrawal of consent at any time without affecting the lawfulness of the processing which was made on the basis of consent before its withdrawal
- lodge a complaint with the supervisory authority in the manner and manner specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
- The administrator in such a case is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
12. The right to object in the field of direct marketing - if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him for the purposes of such marketing, to the extent that the processing is related to such direct marketing.
13. In order to exercise the rights referred to above, please contact the Administrator by sending a message - in a written way to the Administrator's address via post office or by e-mail to the Administrator's e-mail address indicated above.