Version valid as of: June 1, 2021.
As the Administrator of your personal data, we attach great importance to the protection of personal data and compliance with the law during its collection and processing. For this purpose, this Privacy and Cookies Policy was created - it contains all information about the collection of your personal data by us via the website https://www.revoltenergy.eu/ and its subdomains, as well as our social media accounts (hereinafter referred to as: "Sites") and about the rules of using them.
The administrator of your personal data is: Revolt Energy Limited Liability Company with its registered office in Rabka-Zdrój, 115 Kilińskiego Str., 34-700 Rabka Zdrój, entered into the Register of Entrepreneurs of the National Court Register under number 0000872683, whose files are kept by the District Court for Cracow - Śródmieście in Cracow, XII Commercial Division of the National Court Register, holding NIP (Tax Identification Number): 7352894081 and share capital in the amount of PLN 100,000.00 (paid in full). Personal data is processed in accordance with the Act of May 10, 2018 on the protection of personal data and the Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as: "GDPR".
If you have any questions related to this Policy or the processing of personal data, you can write to our Data Protection Officer - Maciej Rymaszewski at the following address: iod@revoltenergy.com.pl.
I. INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA
You may provide us with your personal data in the following situations:
1) by contacting us via contact forms, forms for obtaining contact data, the so-called lead or chatbot forms (name, surname, e-mail address, phone number, post code and city, electricity bill value, IP address, information on the website from which the contact was obtained, if applicable, other data included in the correspondence, and also in the case of pricing, information on the planned installation, roof construction and financing);
2) by providing data through paid campaigns displayed in social media (name, e-mail address, telephone number, post code and city, internal user ID in the social media, other data included in the correspondence),
3) by contacting us directly, for example at the e-mail address, phone number provided by us or in writing (e-mail address, phone number or correspondence address, other data included in the correspondence),
4) by using our social media accounts, including posting comments on our social media accounts or contacting us in private messages via the above-mentioned media (profile name and publicly available profile data, other data included in the comment or correspondence),
5) by concluding an agreement with us and placing an order (name, surname, address of residence, PESEL number or in the case of conducting business activity - company name, business address, tax identification number, names and surnames of persons representing and other data included in the agreement
Contact. When contacting us via e-mail, phone, correspondence address, contact or lead form, chatbot, marketing campaign or social media account, you provide your data voluntarily, but it is necessary to establish contact.
In this case your data is processed for the purpose of contact and response to inquiry, and the basis for processing is your consent resulting from initiating contact with us (Article 6 point 1 letter a of the GDPR). After the contact is completed, the legal basis is our legitimate interest in archiving correspondence for the purpose of demonstrating its course in the future (Article 6 point 1 letter f of the GDPR). The content of correspondence may be archived for the period of claims limitation that may arise from it. If no potential claims arise from the content of the correspondence, it is deleted after 30 (thirty) days from the time of addressing your last query.
Conclusion of the agreement and placing an order. By concluding an agreement with us and placing an order, you provide your data voluntarily, but it is necessary to conclude and perform the agreement.
Your personal data, as the person ordering or representing the ordering party, is processed in this case in order to conclude and perform the agreement (Article 6 point 1 letter b of the GDPR). The data of other persons participating in the performance of the agreement on your part (including contact persons) is processed on the basis of our legitimate interest, which is the proper performance of the agreement and communication with contact persons in the scope of its implementation (Article 6 point 1 letter f of the GDPR). In addition, your personal data and personal data of the above-mentioned persons may be processed in order to perform our obligations under the law, in particular tax law, such as issuing an invoice and including it in the accounting documentation (Article 6 point 1 letter c of the GDPR) and to protect and assert rights arising from from the agreement which is our legitimate interest (Article 6 point 1 letter f of the GDPR).
Order data shall be processed for the time necessary to perform the order, and then until the expiry of the limitation period for claims under the concluded agreement. We are also obliged to store invoices with your personal data for the period of 5 years from the end of the tax year in which the tax obligation arose.
Social media. We process your personal data when you use our social media accounts. In such a case, we may process your publicly available profile data, including personal data such as name, surname, image as part of the profile picture, or the content of comments.
The above data is processed by us on the basis of your consent (Article 6 point 1 letter a of the GDPR) when comments are posted in our social media, as well as on the basis of our legitimate interest (Article 6 point 1 letter a of the GDPR), in particular when we conduct marketing activities on our accounts or keep statistics.
We may also process information sent via chat or in private messages (the purposes of data processing in this regard are indicated in the Contact section above).
In addition, our website uses plug-ins provided by social networking sites, such as Facebook, Instagram or LinkedIn. By displaying our website containing such a plug-in, your browser establishes a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not currently logged in to it. Such information (including the IP address) is sent by your browser directly to the server of the given service provider and stored there.
In addition, if you are logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our website to your profile on a given social networking site. If you use a given plugin, e.g. by clicking the "Like" or "Share" button, relevant information will also be sent directly to the server of the given service provider and stored there. In addition, this information will be published on a given social network site and will be shown to people added as your contacts.
To learn more about the processing of your data by external service providers, please become familiar with their privacy policies:
1) Facebook – https://www.facebook.com/privacy/explanation,
2) Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
3) LinkedIn – https://pl.linkedin.com/legal/privacy-policy.
II. COOKIES AND OTHER TRACKING TECHNOLOGIES
Our website uses cookies. Cookies are small text information saved and stored on your end device (e.g. in the memory of a computer, tablet, smartphone), which can be read by ICT systems of third parties (third party cookies) in connection with our use of the software of these entities or only through our ICT system (own cookies). Cookies enable, among others, using all the functions of the Websites and do not change the settings of the user's device.
Some cookies are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on the end device and allow the browser to be recognized with the next visit on the website (persistent cookies).
During the first visit on the website, information on the use of cookies is displayed. The use of cookies in the case of collecting and processing personal data for the purpose of remembering information about the user's session, providing the functions of the Websites, as well as for analytical, statistical and marketing purposes is based on our legitimate interest (Article 6 point 1 letter f of the GDPR) consisting of the proper operation of the website, creation of statistics and their analysis in order to optimize the website and marketing activities. By using appropriate browser settings, you can both delete cookies and block the use of cookies in the future. However, in the case of collecting and processing personal data for the purposes of profiling for marketing purposes and customer satisfaction surveys, we rely on your consent (Article 6 point 1 letter a of the GDPR) expressed by pressing appropriate box in the information on data processing in cookies, appearing when the user first accesses the site.
Google Analytics. Google Analytics is an online tool for analyzing website statistics, which automatically collects information about your use of the website, belonging to Google LLC. With this software, we do not identify website users, and it is used for profiling for marketing purposes, customer satisfaction surveys and data processing for analytical and statistical purposes. Detailed information on how Google uses user data is available at: https://policies.google.com/technologies/partner-sites.
You can prevent the recording of data collected by Google LLC cookies regarding the use of the website, as well as the processing of this data, by installing the browser plug-in available at the following address: https://tools.google.com/dlpage/gaoptout.
If you are interested in details related to data processing under Google Analytics, you can read the explanations prepared by Google LLC: https://support.google.com/analytics/answer/6004245.
Data about users and events related to cookie files are stored by Google Analytics on Analytics servers for a period of 26 (twenty-six) months. At the end of the period, the stored data will be automatically deleted once a month.
The use of Google Analitycs is based on our legitimate interest in the form of data processing for analytical and statistical purposes (Article 6 point 1 letter f of the GDPR) and on your consent regarding profiling for marketing purposes and customer satisfaction surveys (Article 6 point 1 letter a of the GDPR).
Facebook Pixel. We use marketing tools provided by Facebook Inc., as part of which we can direct advertisements to you on Facebook. Facebook Pixel implemented on the Pages enables us to collect information about your use of the Pages (such as events and conversions) automatically. On the basis of this data, we then create groups of recipients in advertising systems. Detailed information on how Facebook uses user data for its own purposes is available at: https://www.facebook.com/privacy/explanation.
The use of Facebook Pixelis based on our legitimate interest in the form of marketing of our own products and services (Article 6 point 1 letter f of the GDPR).
LinkedIn Insight. We use marketing tools provided by LinkedIn Corporation, as part of which we can target advertising to you on LinkedIn. LinkedIn Insight implemented on the Pages enables us to automatically collect information about your use of the Pages (such as the URL address, IP address, device and browser information). On the basis of this data, we then create groups of recipients in advertising systems. Detailed information on how LinkedIn uses user data for its own purposes is available at:https://pl.linkedin.com/legal/privacy-policy.
The use of LinkedIn Insight is based on our legitimate interest in the form of marketing of our own products and services (Article 6 point 1 letter f of the GDPR).
Server logs. Using the Pages involves sending queries to the server where the given Page is stored. Each query addressed to the server is saved in the server logs. Logs include e.g. IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.
Data stored in the server logs is not associated with specific people using the website and is not used by us for identification. Server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone, except persons authorized to administer the server.
III. RECIPIENTS OF YOUR PERSONAL DATA
Personal data may be entrusted or transferred on the basis of appropriate agreements to third parties providing services in the field of software delivery, data storage and encryption, to hosting companies, professional companies supporting accounting processes, marketing agencies, postal operators and couriers, law or tax offices, companies of the Blachotrapez group (i.e. Blachotrapez Sp. z o. o. with its registered office in Rabka-Zdrój or companies related to it personally, by capital or organisationally), as well as transferred to other entities in order to fulfill legal obligations.
All entities to which your personal data is entrusted or made available guarantee the use of appropriate measures for the protection and security of personal data required by law.
Due to the use of the services of Google LLC based in Menlo Park, California, the USA, Facebook, Inc. based in Menlo Park, California, the USA and LinkendIn Corporation based in Sunnyvale, California, the USA, your data may be transferred to the United States of America (the USA) in connection with its storage on American servers. These entities use compliance mechanisms provided for by the GDPR, such as standard contractual clauses, to ensure an adequate level of protection of personal data required by European regulations.
IV. AUTHORIZATIONS RELATED TO THE PROCESSING OF PERSONAL DATA
In connection with the processing of your personal data, on the basis of the GDPR, you may have the following rights, depending on the scope and purpose for which the data is processed:
1) the right to confirm whether your personal data is being processed and the right to access it (Article 15 of the GDPR),
2) the right to obtain a copy of personal data subject to processing (Article 15 of the GDPR),
3) the right to rectify your personal data if it is incorrect and the right to request completion of incomplete data (Article 16 of the GDPR),
4) the right to delete your personal data "the right to be forgotten" (Article 17 of the GDPR) - you have the right to request immediate removal of your personal data in each of the following cases:
a) when personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
b) when an objection to the processing of data referred to in point 7) below is raised and there are no superior legitimate grounds for processing this data;
c) when personal data is processed unlawfully;
d) when personal data must be removed in order to comply with a legal obligation provided for in European Union law or Polish law.
However, removal of your personal data will not be possible to the extent in which its processing is necessary (i) to exercise the right to freedom of expression and information, (ii) to comply with a legal obligation requiring processing under European Union or Polish law, (iii) to establish, pursue or defend claims.
5) the right to limit the scope of processing your personal data (Article 18 of the GDPR) - you have the right to request the restriction of processing in cases where:
a) the correctness of personal data is questioned - for a period allowing to check the correctness of this data;
b) the processing is unlawful and you oppose the deletion of personal data, requesting the restriction of its use instead;
c) as the Data Administrator, we no longer need your personal data for the purposes of processing, but you need it to establish, pursue or defend claims;
d) an objection to the processing referred to in point 7) below has been lodged - until it is determined whether our legitimate grounds are superior to the grounds for objection,
6) the right to transfer your personal data (Article 20 of the GDPR) - you have the right to receive your personal data that was provided when placing the order via the contact form in a structured, commonly used machine-readable format; you also have the right to send this personal data to another data administrator,
7) the right to object to the processing of your personal data (Article 21 of the GDPR) - you have the right to object to the processing of your personal data in the event when we process this data in a legitimate interest; we may not accept the objection if there are valid, legitimate grounds for processing, superior to your interests, rights and freedoms, or grounds for establishing, pursuing or defending claims;
8) the right to withdraw consent at any time, if the processing is based on it; withdrawal of consent does not affect the lawfulness of the processing which was made on the basis of consent before its withdrawal.
You can exercise the above-mentioned rights by contacting our Data Protection Officer - Maciej Rymaszewski at the following address: iod@revoltenergy.com.pl.
At any time, you are also entitled to lodge a complaint with the competent supervisory authority (currently the President of the Personal Data Protection Office) in the event that your rights regarding the processing of personal data are violated (Article 77 of the GDPR).
V. DATA SECURITY
We use various security technologies and procedures that help protect your personal data from unauthorized access, disclosure, use, alteration or destruction, including:
1) Staff. Only those obliged to confidentiality and authorized employees and associates have access to personal data and may process it only within the scope of strictly defined duties.
2) Data Protection Officer. We have appointed Data Protection Officer who, in particular, supervises the security of personal data, monitors our compliance with applicable regulations and is your contact point in all matters regarding the protection of personal data.
3) Security measures. We use encryption when transferring personal data between your system and ours (current SSL certificate) to prevent unauthorized persons from gaining access to your personal data.
4) Trusted suppliers. All entities to which your personal data is entrusted or made available guarantee the use of appropriate measures for the protection and security of personal data required by law.
VI. CHANGES TO THE PRIVACY POLICY
We may occasionally update our Privacy and Cookies Policy. If changes are made, we will update the dates in this document and inform you of the changes electronically.
This document was last updated on June 1, 2021.
