Application Privacy Policy

THO.EU

Please read this Privacy Policy carefully. The Privacy Policy sets out the rules for the processing of personal data collected and processed while using the Application.

1) GENERAL PROVISIONS

  1. This Privacy Policy of the Application is informative, which means that it is not a source of obligations for entities using the Application in Users. The Privacy Policy mainly contains rules regarding the processing of personal data by the Data Controller in the Application, including the basics, purposes, and scope of processing of personal data, and the rights of data subjects, as well as information on the use of cookies and analytical tools in the Application.
  2. The Data Controller of personal data collected via Aplikacji.pl is THE HOME OFFICE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Gdańsk (registered office address and address for service): Trakt Św. Wojciecha 237, 80-017 Gdańsk), entered into the Register of Entrepreneurs of the National Court Register under the number: 0000879987; registry court in which the company’s documentation is kept: District Court Gdańsk – Północ in Gdańsk, VII Commercial Division of the National Court Register; share capital in the amount of PLN 10 000,00; Tax Identification no.: 5833418418, National Business Registry no.: 387988595, e-mail address: office@tho.eu – hereinafter referred to as the ‘Data Controller’ and being the Application Service Provider.
  3. Personal data in the Application is processed by the Data Controller in accordance with applicable law, in particular in accordance with the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing of Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as ‘GDPR‘ or ‘GDPR Regulation‘. The official text of the GDPR Regulation: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
  4. Use of the Application is voluntary. Similarly, the provision of personal data by the user of the Application is voluntary.
  5. The Data Controller takes special care to protect the interests of persons to whom the personal data processed relates, and in particular is responsible and ensures that the collected data is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which it is processed; (4) stored in a form that allows identification of the persons it concerns, no longer than necessary to achieve the purpose of processing, and (5) processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using appropriate technical or organizational measures.
  6. Having regard to the nature, scope, context, and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Data Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR and to be able to demonstrate this. Those measures shall be reviewed and updated when necessary. The Data Controller shall use technical measures that prevent unauthorised persons from acquiring and modifying data transferred by electronic means.
  7. All words, phrases, and acronyms appearing in this Privacy Policy and starting with a capital letter (e.g. The Service Provider, the Application) should be understood in accordance with their definition contained in the Application Terms and Conditions.

2) THE BASIS OF DATA PROCESSING

  1. The Data Controller is entitled to process personal data in cases, in which – and to the extent to which – at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes ; (2) processing is necessary to perform an agreement in which the data subject is a contracting party or to take action at the request of the data subject before the agreement conclusion; (3) processing is necessary to fulfill the legal obligation which is incumbent on the Data Controller; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Data Controller or by a third party, except for situations where these interests are overridden by interests or fundamental rights and freedoms of the data subject, requiring personal data protection, in particular, if the data subject is a child.
  2. The processing of personal data by the Data Controller always requires the occurrence of at least one of the situations indicated in clause 2.1 of the Privacy Policy. The specific grounds for the processing of personal data in the Application by the Data Controller are indicated in the next point of the Privacy Policy – in relation to a given purpose of the processing of personal data by the Data Controller.

3) PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE APPLICATION

  1. Each time, the purpose, basis, and period, as well as the recipients of personal data processed by the Data Controller, results from the actions taken by a given User in the Application.
  2. The Data Controller may process personal data in the Application for the following purposes, on the grounds and during the periods indicated in the table below:

Purpose of data processing

Legal basis of data processing

Data storage period

Creating and maintaining an Account in the Application, as well as using other Electronic Application Services

Article 6 (1) (b) of the GDPR (performance of the agreement) – processing is necessary to perform the agreement for the use of Electronic Services, to which the data subject is a party or to take action at the request of the data subject before concluding the agreement

The data is stored for the period necessary to perform, terminate or otherwise end the agreement.

Using the Application and ensuring its proper operation

Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller) – processing is necessary for the purposes resulting from the Data Controller’s legitimate interests – consisting in running and maintaining the Application

The data is stored for the duration of the legitimate interest pursued by the Data Controller but no longer than for the period of limitation of claims against the data subject, in virtue of the Data Controller’s business activity. The limitation period is determined by provisions of the law, in particular of the Civil Code (the basic limitation period is three years for claims connected with the conduct of business activities).

Conducting statistics and analysis of traffic in the Application

Article 6 (1) (f) of the GDPR (legitimate interest of the Data Controller) – processing is necessary for the purposes resulting from the Data Controller’s legitimate interests – consisting in conducting statistics and analysis of  traffic in the Application in order to improve the functioning of the Application

The data is stored for the duration of the legitimate interest pursued by the Data Controller but no longer than for the period of limitation of claims against the data subject, in virtue of the Data Controller’s business activity. The limitation period is determined by provisions of law, in particular of the Civil Code (the basic limitation period is three years for claims connected with the conduct of business activities).

4) DATA RECIPIENTS IN THE APPLICATION

  1. For the proper functioning of the Application, it is necessary for the Data Controller to use the services of third parties (for example, a payment service provider, and a software provider). The Data Controller uses only the services of processing entities that provide sufficient guarantees to implement the appropriate technical and organizational measures so that the processing meets the requirements of the GDPR – and protects the rights of the data subjects.
  2. Personal data may be transferred by the Data Controller to a third country, whereby the Data Controller ensures that in such a case it will be in relation to the country ensuring an adequate level of protection, and in the absence of an appropriate decision confirming an adequate level of protection of that country, at least on the basis of standard data protection clauses – in accordance with the GDPR, and the data subject has the opportunity to obtain a copy of his data. The Data Controller shall provide the collected personal data only if and to the extent necessary to fulfill the respective purpose of the processing in accordance with this Privacy Policy.
  3. Data is not transferred by the Data Controller in each case and it is not transferred to all recipients or categories of recipients indicated in the Privacy Policy – the Data Controller provides data only when it is necessary for the purpose of processing personal data and only to the extent necessary to achieve it.
  4. Users’ personal data may be transferred to the following recipients or categories of recipients:
    1. service providers supplying the Data Controller with technical, IT, and organizational solutions enabling the Data Controller to conduct business activity, including the Application (in particular, the software provider for running the Application, the e-mail and hosting provider, and the software provider for managing the company and providing technical assistance to the Data Controller) – the Data Controller makes the collected personal data available to the selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this Privacy Policy.

5) RIGHTS OF THE DATA SUBJECT

  1. Right of access, rectification, restriction, erasure or transfer – the data subject has the right to request the Data Controller to access their personal data, rectify it, delete it (‘the right to be forgotten’) or restrict processing, and has the right to object to processing, and also the right to transfer the data. Detailed conditions for the exercise of the aforesaid rights are set forth in art. 15–21 of the GDPR.
  2. The right to withdraw consent at any time – a person whose data is processed by the Data Controller on the basis of expressed consent (pursuant to art. 6 (1) (a) or art. 9 (2) (a) of the GDPR Regulation), the data subject has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
  3. Right to lodge a complaint with a supervisory authority – the data subject whose data is being processed by the Data Controller shall have the right to lodge a complaint with a supervisory authority in a manner set forth in the provisions of the GDPR and of the Polish law, in particular of the Act on Personal Data Protection. The President of the Personal Data Protection Office is the supervisory authority in Poland.
  4. Right to object – the data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6 (1) (e) (public interest or public task) or (f) (legitimate interest of the administrator), including profiling based on these provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  5. In order to exercise the rights referred to in this point of the Privacy Policy, you can contact the Data Controller by sending an appropriate message in writing or by e-mail to the Data Controller’s address indicated at the beginning of the Privacy Policy.

6) COOKIES AND ANALYTICAL TOOLS

  1. Cookies are available on the information page of the Application at http://tho.eu/.
  2. Cookies are small pieces of information in the form of text files, sent by the server and saved on the side of the person visiting the Application  (e.g. on the hard drive of the computer, laptop or on the smartphone’s memory card – depending on a device used while visiting Application). Detailed information on cookies, as well as the history of their creation, can be found, among others, here: https://pl.wikipedia.org/wiki/HTTP_cookie
  3. Cookies that can be sent by the Application can be divided into different types, according to the following criteria:

Due to their supplier:

Due to their storage period on the device of the person visiting the Application:

Due to the purpose of their use:

  • own (created by the Application) and
  • belonging to persons / third parties (other than the Data Controller)
  • session (stored until you log out of the Application or disable your web browser) and
  • permanent (stored for a specified period of time, defined by the parameters of each file or until they are manually deleted)
  • necessary (enabling the proper functioning of the Application),
  • functional/preferential (enabling adaptation of the Application to the preferences of the visitor),
  • analytical and performance (collecting information on how to use the Application),
  • marketing, advertising and social (collecting information about the person visiting the Application in order to display personalized advertisements to that person and conduct other marketing activities, including on websites separate from the Application, such as social networks)
  1. The Data Controller may process the data contained in Cookies when visitors use the Application for the following specific purposes:

Purposes of using Cookies in the Application

remembering data from completed Order Forms, surveys or login data to the Application (necessary and / or functional / preferential cookies)

adjusting the content of the Application to the individual preferences of a given person (e.g. regarding colors, font size, layout) and optimize the use of the Application (functional/preferential cookies)

keeping anonymous statistics showing the use of the Application (performance and analytical cookies)

remarketing, that is, testing the behavioral characteristics of visitors to the Website through anonymous analysis of their activities (e.g. repeated visits to specific websites, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other websites on the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising, and social cookies)

  1. It is possible to check in the most popular web browsers what cookies (including the period of operation of cookies and their provider) are sent at a given moment by the Application, as follows:

In Chrome:

In Firefox:

In Internet Explorer:

(1) in the address bar, click the padlock icon on the left, (2) go to the ‘Cookies’ tab.

(1) in the address bar, click the shield icon on the left, (2) go to the ‘Allowed’ or ‘Blocked’ tab, (3) click the ‘Tracking cookies between sites’, ‘Social media tracking elements’ or ‘Tracking content’ box

(1) click on the ‘Tools’ menu, (2) go to the ‘Internet Options’ tab, (3) go to the ‘General’ tab, (4) go to the ‘Settings’ tab, (5) click on the ‘View Files’ box

In Opera:

in Safari:

Regardless of the browser, using the tools available, for example, at

(1) in the address bar, click on the padlock icon on the left, (2) go to the ‘Cookies’ tab.

(1) click on the ‘Preferences’ menu, (2) go to the ‘Privacy’ tab, (3) click on the ‘Manage site data’ box

  1. Normally, most web browsers available accept cookies by default. Everyone can define the terms of using Cookies via their web browser settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of saving cookies – in the latter case, however, it may affect some of the functionalities of the Application.
  2. The cookie settings of your browser are important for your consent to the use of cookies by the Application – according to the regulation such consent can also be given through your browser settings. Detailed information on changes of settings concerning Cookies and clearing Cookies in the most popular web browsers is available in the help section of each web browser and on the following websites (you only need to click on the selected link):
    1. in Chrome
    2. in Firefox
    3. in Internet Explorer
    4. in Opera
    5. in  Safari
    6. in Microsoft Edge
  3. The Data Controller may use Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Application. These services help the Data Controller to keep statistics and analyze traffic in the Application. The collected data is processed as part of the above services to generate statistics helpful in the administration of the Application and traffic analysis in the Application. These data is aggregated. By using the aforesaid services in the Application, the Data Controller collects such data as the sources and media of acquisition of visitors to the Application, as well as their behaviours in the Application, information on the devices and browsers from which they visit the page, IP and domain, geographical data and demographic data (age, gender), and interests.
  4. You can easily block sharing information about your activity with Google Analytics on the Apps page, for example by installing a browser plug-in provided by Google Ireland Ltd. Available at https://tools.google.com/dlpage/gaoptout?hl=en
  5. In connection with the Data Controller’s ability to use advertising and analytical services provided by Google Irelantd Ltd. in the Application, the Data Controller indicates that full information about the data processing policy of persons using the Application (including information stored in cookies) by Google Ireland Ltd. is included in the privacy policy of Google services available at https://policies.google.com/technologies/partner-sites

7) MISCELLANEOUS

The Application may contain links to other websites or applications. After going to other websites, the Data Controller encourages you to familiarize yourself with their privacy policy. This Privacy Policy applies only to the Application.

PRIVACY POLICY

This Policy applies to cookies and to the websites operated by The Home Office LLC with registered office in Gdansk, ul. Trakt Św. Wojciecha 237, 80-017 Gdańsk, entered into the Register of Entrepreneurs of the National Court Register by the District Court Gdańsk-Północ in Gdansk, VII Commercial Division of the National Court Register under KRS no.: 0000879987, holding NIP: 5833418418 and REGON: 387988595 (hereinafter: “THO”).

I. Cookies.

Cookie files is a small text file sent by a website when a web address is called up in the browser. Cookies are IT data, in particular text files, which are stored on the final device (computer, laptop, smartphone) used for browsing the Websites by the person entering a website address in the browser (hereinafter: “User”). Cookies contain information necessary for the proper functioning of the Websites and enable remembering the User’s preferences, personalising the Websites in terms of content displayed and adjusting advertisements. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number. The information contained in cookies allows the information contained in them to be read only by the website with which they were created. The entity placing cookie files on the website User’s end device and accessing them is THO.

II. Types of cookies used by THO.

THO uses two types of cookies on its websites:

  1. session cookies – temporary files which are stored in the User’s terminal equipment until leaving the Website or switching off the software (web browser);
  2. “Persistent” cookies – “permanent” files that are stored in the User’s terminal equipment for the time specified in the parameters of cookies or until they are deleted by the User. This type of file allows information to be transferred to a server each time a website is visited.

THO informs that the websites do not automatically collect any information about Users, with the exception of information contained in cookies.

III. The purpose of using cookies.

Cookies are used on websites in order to measure the activity of the Users and to adapt the content of the website to the individual preferences of the User, by identifying the end device, in order to correctly display the content of the website. THO also uses cookies to adapt and improve the way the websites work, as well as to measure the effectiveness of the actions carried out. Cookies also allow THO to study the Users’ preferences and thus constantly improve the quality of the services provided. The websites may use cookies with the following functions:

  1. cookies that enable the use of services available on the Websites, e.g. cookies used for services that require User authentication;
  2. cookies used for security purposes, e.g. used to detect misuse of authentication on the Websites;
  3. cookies that make it possible to collect information on how the Websites are used;
  4. cookies that enable automatic application of settings selected by the User and personalisation of the User’s interface (e.g. with respect to the chosen language or region of origin of the User, font size, website layout etc.) during subsequent use of the Website;
  5. cookies that make it possible to provide users with advertising content more suited to their interests.

THO informs that cookies will not be used to contact the User by phone, e-mail or post.

IV. External websites.

External websites, to which the website may link, may also use other cookies than those mentioned above, including in particular cookies which enable logging in and delivery of advertisements corresponding to the User’s preferences and behaviour.

V. User consent to the use of cookies.

THO informs that the software used to browse the website (web browser such as Internet Explorer, Google Chrome, Mozilla Firefox, etc.) by default allows the storage of cookies on the User’s terminal device. Website users may change their cookie settings at any time by changing the settings of their web browser on their terminal equipment. These settings can be changed in particular in a way allowing to block the automatic handling of cookies in the web browser’s settings or inform on their placement in the User’s final device each time. Detailed information on the possibility and methods of using cookies is available in the software settings of the web browser used by the User. Cookies placed on the User’s end device can also be used by THO contractors cooperating with THO.

VI. Consent management platform (CMP).

THO uses a Consent Management Platform (“CMP”). You can view the CMP and access your cookie settings at ….. The platform allows you to modify the consents given to the extent that cookies are not necessary for THO to provide its services.