I. PRINCIPLES OF PERSONAL DATA PROTECTION

1. GreenWay takes special care to all personal data that are processed in accordance with the purpose for which they were collected and used as well as with the scope of granted permits (consents) and processing areas permitted by law.
2. All personal data are processed in a way consistent with the requirements of generally applicable law, particularly in accordance with Regulation (EU) 2016/679 Of The European Parliament And Of The Council on April 27th 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), The Act on May 10th 2018 on the protection of personal data, The Act on July 18th 2002 on the provision of electronic services and The Act on July 16th 2004 Telecommunication Law Act, including the scope of the user's consent.
3. We take care that the processing of personal data takes place in accordance with the principles of substantive correctness and adequately to the purposes for which they are collected.
4. We process data for the period that is necessary to achieve the purposes for which they were collected, and in addition for the period in which we are obliged to collect them based on generally applicable rules.
5. We ensure confidentiality, integrity and accountability of personal data processed by us.
6. Processed personal data are not disclosed without data subjects’ consent, unless such data are disclosed to authorized persons, to entities to which data has been transferred on the basis on data processing agreement (including The Controller’s cooperation with: law firms, entities providing services IT) and entities authorized under applicable law.
7. The processed personal data are not transferred into countries outside the European Union and the European Economic Area.
8. These rules apply to personal data processing in all types of applications used by the clients of GreenWay (web applications as well as mobile applications).

II. MANNER OF OBTAINING DATA

Personal data are obtained through:

• optional entering information in forms,
• saving Cookies files in the final devices (so-called Cookies).

III. INFORMATION ABOUT COOKIES

1. This Service use Cookies files.
2. Cookies files (so-called "Cookies") are IT data, particularly text files, which are stored in the Service User's final device and are intended for using The Service’s websites.
3. The Service operator is the entity, which is placing Cookies on the Service User's final device and accessing them.
4. Cookies are used for the following purposes:
   • to create statistics, which help to understand how Service Users browse websites, allowing the improvement of their structure and content, also using Google Analytics;
   • to adapt the Service’s content to User’s preferences and optimize using the Service.
5. Two basic types of Cookies files are applied within the Service: ‘session’ and ‘persistent’ Cookies. Session Cookies are temporary files that are stored in the User's final device until log out, leaving the website or disabling the software (Internet browser). Persistent Cookies files are stored in the User's final device for the time specified in Cookies files parameters or until User deletes them.
6. The Internet browser usually allows Cookies files to be stored in the User's files device by default. Service Users may change settings in that regard. The Internet browser allows deleting or blocking Cookies files. Specific information in this regard are available at support or documentation of User’s Internet browser.
7. Restrictions in the usage of Cookies files may influence some functions available on the Service website.
8. Privacy policy concerning the collection of statistics by Google Analytics is available at: https://www.google.pl/intl/pl/policies/privacy/.
9. Detailed information regarding the categories of Cookies files processed on the Service and the data they collect can be found in the Privacy Settings available in the cookie consent banner.

IV. SERVER LOGS

1. Information about certain behaviors of Users are subject to logging in the layerserver. Those data are used only to controll the website and to ensure the most efficient service of hosting.
2. The browsed resources are identified by URL addresses. In addition, to the subscription may be subject:
   • the time of inquiry arrival,
   • the time of sending a response,
   • User's station name,
   • information about errors, which occurred during the http transaction,
   • URL address of the website previously visited by the User (referrer link) - in case if the transition to the Service was made via a link,
   • information about the type of User's device,
   • information about User's device,
   • information about IP address, including information about the country from which the User logs in.
3. The abovementioned data are not related to specific persons browsing the Service.
4. The abovementioned data are used solely for the purpose of Service and controlling the Website and server.

V. FOR WHAT PURPOSE DATA COLLECTED BY US ARE USED

1. Personal data are used for the purpose of providing services by GreenWay and related legal obligations that charge The Controller – pursuant to art. 6 sec. 1 a), b) and c) GDPR.
2. In case if appropriate consent is obtained, the data are also used for marketing purposes carried out by means of electronic communication, in particular through using telecommunications terminal equipment, for direct marketing purposes, in accordance with both art. 172 on the Act on July 18th 2002 on Telecommunications Law and electronic mail and with art. 10 on the Act of July 18th 2002 on the provision of electronic services pursuant to art. 6 sec. 1 a) GDPR.

VI. SECURITY AND STORAGE OF INFORMATION

GreenWay ensures security of personal data through appropriate technical and organizational measures to prevent unlawful processing, unauthorised disclosure or accidental loss, destruction or damage.

VII. USER RIGHTS

1. Providing personal data to the necessary extent for the provision of services offered by the Administrator is mandatory but in the remaining scope is voluntary.
2. The Controller respects the rights of each person whose data are processed: access, rectification, erase, processing restrictions, transfer, objection related to their personal data.
3. If the processing is in progress based on the consent of data subject, data subject has the right to withdraw the consent at any time, with the provision that withdrawal will not affect the lawfulness of the processing, which was made based on consent before its withdrawal.
4. Data subject whose data are processed may use its rights by sending a message to GreenWay in which data subject will presents requests.
5. Data subject whose data are processed has the right to file a complaint to the supervisory body, if decides that its rights have been violated.

VIII. CHANGES OF PRIVACY POLICY

GreenWay's privacy policy changes may be affected by changes in the legislative sphere in the field of personal data protection as well as other factors. Users will be informed immediately about any changes on GreenWay’s website.

IX. CONTACT DETAILS

All questions related to the processing and protection of personal data, regarding to this Privacy Policy, please send to the following e-mail address: [email protected]