PRIVACY POLICY

        1. DEFINITIONS

Administrator – Atlantis – Investment Sp. z o.o., ul. 1 Dywizji Pancernej 45/119, 43-300 Bielsko-Biała, Poland,
NIP: 5472243304, KRS: 0001084184, REGON: 527554489.

Personal data – all information about a natural person identified or identifiable by one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural, or social identity, including a device’s IP address, location data, online identifier, and information collected through cookies and other similar technologies.

Policy – ​​this Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website – the website operated by the Administrator at www.atlantis-ingredients.com.

User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.

         2.  DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE

In connection with the User’s use of the Website, the Administrator collects data necessary for commercial contact, as well as information about the User’s activity on the Website using cookies. Detailed principles and purposes of processing personal data collected during the use of the Website are described below.

         3.  PURPOSES AND LEGAL BASIS FOR DATA PROCESSING ON THE SERVICE

USE OF THE ATLANTIS-INGREDIENTS.COM SERVICE

The personal data of all users of the Service (including IP address, online identifiers, and data collected by cookies) who do not have a user account are processed by the Controller:

1. for the purpose of providing services electronically, including providing access to content posted on the Service and providing contact forms – the legal basis is Article 6(1)(b) of the GDPR (necessity for the performance of the contract),
2. for the marketing purposes of the Controller or cooperating entities, in particular those related to the presentation of behavioral advertising – these principles are described in the “MARKETING” section.

User activity on the Service, including their personal data, may be recorded in system logs. This data is processed for technical purposes, ensuring the security of IT systems, creating backups, detecting errors, and preventing abuse.

CONTACT FORMS

The Administrator provides the ability to contact the Administrator using electronic contact forms. Using the form requires the provision of personal data necessary to contact the User and respond to the inquiry. The User may also provide other data to facilitate contact or process the inquiry. Providing data marked as mandatory is required to accept and process the inquiry, while failure to provide it will result in the inability to process the inquiry. Providing the remaining data is voluntary.

Personal data is processed:

to identify the sender and process their inquiry submitted via the form provided – the legal basis for processing is the necessity of processing for the performance of the service contract (Article 6, paragraph 1, letter b of the GDPR);

         4. MARKETING
The Administrator processes Users’ personal data for marketing purposes, which may include:

sending email notifications about interesting offers or content, which in some cases contain commercial information;

conducting other activities related to the direct marketing of goods and services (sending commercial information electronically and telemarketing activities). To implement marketing activities, the Controller uses profiling in some cases. This means that through automated data processing, the Controller evaluates selected factors relating to individuals in order to analyze their behavior or create future forecasts.

       5. DIRECT MARKETING

1. If the User consents to receiving marketing information (email, text messages, other electronic channels), the Controller processes the data for the purpose of sending such information.
2. The legal basis is the Controller’s legitimate interest—Article 6, paragraph 1, letter f of the GDPR.
3. The User may object to the processing of data for marketing purposes at any time.
4. The data will be stored until such objection is filed.

      6. SOCIAL MEDIA

1. The Controller processes the personal data of Users visiting the Controller’s social media profiles (Facebook, YouTube, Instagram). This data is processed solely for the purpose of maintaining the profile, including to inform Users about the Controller’s activities and to promote various events, services, and promotions.

       7. COOKIES AND SIMILAR TECHNOLOGIES

Service Cookies

The Administrator uses service cookies primarily to provide the User with electronic services and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to the Administrator use cookies to store information or access information already stored on the User’s telecommunications terminal device (computer, telephone, tablet, etc.). Cookies used for this purpose include:

1. cookies with data entered by the User (session identifier) ​​for the duration of the session (user input cookies);
2. authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
3. cookies used to ensure security, e.g., used to detect authentication abuse (user-centric security cookies);
4. session cookies for multimedia players (e.g., Flash player cookies), for the duration of the session (multimedia player session cookies); Persistent cookies used to personalize the User
5. interface for the duration of a session or slightly longer (user interface customization cookies),
6. cookies used to remember the contents of a shopping cart for the duration of a session (shopping cart cookies);
7. cookies used to monitor website traffic, i.e., data analytics, including Google Analytics cookies (these cookies are used by Google to analyze how Users use the Website and to create statistics and reports on the operation of the Website). Google does not use the collected data to identify Users, nor does it combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.

Marketing Cookies

The Administrator also uses cookies for marketing purposes, including in connection with targeting Users with behavioral advertising. For this purpose, the Administrator stores information or accesses information already stored on the User’s telecommunications terminal device (computer, telephone, tablet, etc.). The use of cookies and the personal data collected through them for marketing purposes, particularly in the promotion of third-party services and goods, requires the User’s consent. This consent can be expressed through appropriate browser configuration and can also be withdrawn at any time, in particular by clearing cookie history and disabling cookies in the browser settings.

         8. DATA PROCESSING PERIOD

1. The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service provision or order fulfillment, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Controller’s legitimate interest.
2. The data processing period may be extended if processing is necessary to establish, pursue, or defend against potential legal claims, and after that period only if and to the extent required by law. After the processing period expires, the data is irreversibly deleted or anonymized.

          9. USER RIGHTS
Data subjects have the following rights:
Right to information about personal data processing – on this basis, the Controller provides the person making such a request with information about the processing of personal data, including in particular the purposes and legal basis of processing, the scope of the data held, the entities to whom the personal data is disclosed, and the planned date of their deletion;

Right to obtain a copy of the data – on this basis, the Controller provides a copy of the processed data relating to the person making the request;

Right to rectification – on this basis, the Controller removes any inconsistencies or errors in the personal data being processed, and supplements or updates them if they are incomplete or have changed;

Right to erasure – on this basis, you can request the deletion of data whose processing is no longer necessary for any of the purposes for which they were collected;

The right to limit processing – on this basis, the Administrator ceases to perform operations on personal data, except for operations to which the data subject has given consent, and to store them in accordance with the adopted retention principles, or until the reasons for limiting data processing cease to exist (e.g. a decision of the supervisory authority is issued, allowing for further processing).

Right to restrict processing – on this basis, the Controller ceases to perform operations on personal data, except for those consented to by the data subject, and to store them in accordance with the adopted retention principles, or until the reasons for restricting data processing cease to exist (e.g., a decision of a supervisory authority is issued authorizing further data processing);

Right to data portability – on this basis, to the extent that data are processed in connection with a concluded contract or expressed consent, the Controller releases the data provided by the data subject in a machine-readable format. It is also possible to request that this data be transferred to another entity – provided, however, that the technical capabilities of both the Controller and the other entity are available;

Right to object to data processing for marketing purposes – the data subject may object to the processing of personal data for marketing purposes at any time, without having to provide a justification for such objection;

Right to object to other data processing purposes – the data subject may object at any time to the processing of personal data based on the Controller’s legitimate interest (e.g., for analytical or statistical purposes or for reasons related to property protection). Any objection in this regard must include justification and is subject to review by the Controller;

Right to withdraw consent – ​​if data are processed based on consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of processing carried out before the withdrawal of consent;

Right to complain – if the processing of personal data violates the provisions of the GDPR or other personal data protection regulations, the data subject may file a complaint with the President of the Personal Data Protection Office.

Applications regarding the exercise of data subject rights can be submitted:

1. in writing to the following address: Atlantis – Investment Sp. z o.o., ul. 1 Dywizji Pancernej 45/119, 43-300 Bielsko-Biała, Poland
2. by email to: info@atlantis-investment.p

The request should, where possible, specify:

1. what right the requester wishes to exercise (e.g., the right to receive a copy of the data, the right to erasure, etc.);
2. what processing the request concerns (e.g., use of a specific service, activity on a specific website, receipt of a newsletter containing commercial information to a specific email address, etc.);
3. what processing purposes the request concerns (e.g., marketing purposes, analytical purposes, etc.).

If the Controller is unable to determine the content of the request or identify the requester based on the submitted request, the Controller will request additional information from the requester.

A response to the request will be provided within one month of its receipt. If an extension of this deadline is necessary, the Controller will inform the requester of the reasons for such extension.

A response will be provided to the email address from which the request was sent, and in the case of requests sent by post, by regular mail to the address provided by the requester, unless the content of the letter indicates a desire to receive feedback via email (in which case, the email address must be provided).

       10. DATA RECIPIENTS

1. In connection with the provision of services, personal data will be disclosed to external entities, including, in particular, suppliers responsible for maintaining IT systems, legal entities, and entities associated with the Controller.
2. The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

      11. DATA TRANSFER OUTSIDE THE EEA
The Controller does not transfer data outside the European Economic Area.

      12. PERSONAL DATA SECURITY
Controller:

The Controller conducts ongoing risk analysis to ensure that personal data is processed securely – ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
The Controller takes all necessary measures to ensure that its subcontractors and other collaborating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Controller.

       13. CONTACT DETAILS
The Controller can be contacted via email at info@atlantis-investment.pl
      14. CONTACT DETAILS
This policy is currently in effect.