Privacy Policy and Personal Data Protection OEX S.A.
Privacy Policy and Personal Data Protection OEX S.A.
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), EU Official Journal L.2016.119.1, hereinafter referred to as "GDPR", OEX S.A. provides the following information:
Table of Contents:
I. Personal Data Protection
II. Cookies
III. Data Protection Officer of OEX S.A.
I. Personal Data Protection
1. Data Controller
The controller of personal data of persons using the website https://oexgroup.com/, including those contacting OEX S.A. via email or contact form (hereinafter: "User"), is OEX S.A. with its registered office in Warsaw, at ul. Klimczaka 1, 02-797 Warsaw.
2. Data Protection Officer
For matters related to personal data provided by the User, the User may contact the Data Protection Officer (DPO) appointed by OEX S.A.:
Maciej Kaczmarski,
Klimczaka 1,
02-797 Warsaw,
email: iodo@oex.pl.
3. Purposes and Legal Bases for Processing
The User's personal data is processed on the following legal bases, for the purposes of:
A. Providing responses to User inquiries, handling matters, and potential claims or defense against such claims – based on Article 6(1)(f) GDPR – i.e., the Controller's legitimate interest in maintaining proper relations with Clients/potential Clients or other contacting persons.
B. Presenting offers, if the inquiry includes a request for an offer – based on Article 6(1)(b) GDPR – processing necessary for taking steps at the request of the data subject prior to entering into a contract.
C. Marketing purposes using telephone connections – based on Article 6(1)(a) GDPR – i.e., separate voluntary consent expressed by the User.
D. Sending commercial information via email – based on Article 6(1)(a) GDPR – i.e., separate voluntary consent expressed by the User.
4. Data Retention Period
Personal data will be stored for no longer than 3 years from the date of sending the last message. In case of ongoing disputes or legal proceedings, the retention period will be counted from the date of their final resolution.
5. Data Recipients
Personal data is not transferred to third parties, except those authorized to process data under legal provisions.
6. Data Transfer Outside the EEA
The Controller uses the following tools to collect user data:
a) Google Tag Manager - Implementation tool for managing tags on the website - Does not directly collect personal data
b) Google Analytics 4 (GA4) - Collects data about user behavior on the site - Analyzes conversion paths - Data retention period: 26 months
c) Google Search Console - Collects search engine traffic data - Analyzes site visibility in search results
d) Google Ads - Collects advertising campaign data - Tracks conversions and ad effectivenesse)
e) Hotjar - Collects user behavior data - Creates heat maps - Records user sessions - Data retention period: 365 days
f) Cookiebot - Manages cookie consents - Displays privacy settings banner
We inform that data may be transferred to the USA in connection with the use of: - Google Analytics - Google Ads - Hotjar. Data transfer is based on standard contractual clauses approved by the European Commission.
7. User Rights
In connection with personal data processing, the User has the right to:
A. Object to data processing (when based on the Controller's legitimate interest)
B. Withdraw consent for processing (when based on consent)
C. Request:
Access to data and their copy (first copy free)
Rectification of outdated or incorrect data
Restriction of data processing
Data portability
Data erasure ("right to be forgotten")
8. Contact Regarding Personal Data
For questions or to exercise your rights, please contact the DPO: iodo@oex.pl, Klimczaka 1, 02-797 Warsaw.
9. Complaint to Supervisory Authority
In case of violation of data protection regulations, you have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl).
10. Automated Decision-Making
No automated decisions will be made regarding the User, and the data will not be subject to profiling.
II Pliki Cookies
- OEX S.A., as the operator of the Service www.oexgroup.com, in addition to the personal data indicated above, also processes information about Users' activity on the Service pages, their preferences and behaviors, by saving cookies on end devices.
- Cookie files (so-called "cookies") constitute IT data, in particular text files, which are stored in the end device of the Service User and are intended for using the Service's websites. Cookies usually contain the name of the website from which they originate, the time of storing them on the end device, and a unique number.
- Due to the storage period of cookies, we distinguish two basic types: A. "session cookies" - temporary files stored in the User's end device until logging out, leaving the website, or closing the internet browser. B. "persistent cookies" - stored in the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
- The following types of cookies are used within the Service: A. Necessary cookies – processed based on the Administrator's legitimate interest, cannot be disabled – cookies necessary for the website to function, usually used in response to actions taken by the User, such as: setting privacy options, logging in, or filling out forms. The User can block them by changing their browser settings, however, the site will not function properly then. They do not require User consent.
B. Optional cookies, whose processing depends on the User's voluntary consent expressed through cookie settings (a message window appearing at the first visit and each time after clicking the "Cookie Settings" link in the bottom bar):
- preferential - enabling remembering settings selected by the User and adjusting the content of the Service's websites to User preferences, e.g. in terms of selected language or region from which the User comes
- statistical - enabling collection of information about how the Service's websites are used, e.g. number of visits on a given page, thanks to which we can improve their content. Lack of consent to process this information will prevent us from monitoring its performance and improving our Service
- marketing - processed when the Administrator uses tools such as Google AdWords, enabling delivery of advertising content more tailored to Users' interests
- Internet browsers by default allow storing cookies on the User's end device. Service Users can change cookie settings at any time. These settings can be changed in particular to block automatic handling of cookies in the internet browser settings or to inform about their placement in the Service User's device each time. Detailed information about the possibilities and ways of handling cookies is available in the software settings (internet browser). However, restrictions on the use of cookies may affect some functionalities available on the Service's websites.
- More information about cookies is available in the "Help" section in the internet browser menu.
III Data Protection Officer of OEX S.A.
1. DPO Contact Details
1. DPO Contact Details
Maciej Kaczmarski
ul. Klimczaka 1, 02-797 Warsaw
E-mail: iodo@oex.pl
2. Information about Personal Data Processing
OEX S.A. with its registered office in Warsaw (hereinafter "Company" or "Controller") informs that any contact made through the contact details contained on this page leads to the transfer of personal data of the contacting person to the Company.
3. Data Controller
The controller of your personal data, transferred to OEX S.A. via email or contact forms, is OEX S.A. with its registered office in Warsaw, at ul. Klimczaka 1, 02-797 Warsaw.
4. Processing Purposes
Your personal data is processed for the following purposes:
1. Contact - providing responses to questions, requests, or demands
2. Correspondence handling and communication
3. Establishment, exercise, or defense of potential claims
5. Legal Basis for Processing
The legal basis for processing is the Controller's legitimate interest (Art. 6(1)(f) GDPR), consisting of:
1. Maintaining relationships with customers and potential customers
2. Responding to received correspondence
3. Ensuring the ability to demonstrate compliance with personal data protection principles
6. Voluntary Nature of Data Provision
1. Providing personal data is voluntary
2. Providing basic contact details (name, surname, email address) is necessary to receive a response
3. Failure to provide data will prevent return contact and response to the inquiry
7. Data Retention Period
Your personal data will be processed for:
1. 3 years from the date of sending the last message
2. Longer - when necessary for the establishment, exercise, or defense of claims
8. Data Recipients
Recipients of your data may be:
1. OEX Group companies
2. IT and hosting service providers
3. Legal and advisory service providers
The Controller uses analytical and marketing tools:
- Google Tag Manager
- Google Analytics 4 (GA4)
- Google Search Console
- Google Ads
- Hotjar
- Cookiebot
9. Data Transfer Outside the EEA
1. Data may be transferred to the USA in connection with the use of Google tools
2. Transfer takes place based on standard contractual clauses approved by the European Commission
3. You can receive a copy of the applied safeguards by contacting the DPO
10. Rights of Data Subjects
You have the right to:
- Access data and receive their copy
- Rectify (correct) data
- Erase data ("right to be forgotten")
- Restrict data processing
- Data portability
- Object to processing
- Lodge a complaint with the supervisory authority (UODO)
11. Rights Implementation
1. Rights are implemented without undue delay, no later than within 30 days
2. In justified cases, the deadline may be extended by another 60 days
3. The first copy of data is free
4. Reasonable administrative fees may be charged for subsequent copies
12. Right to Object
You have the right to object at any time to the processing of personal data. Upon receiving the objection, we will cease processing your data for the purposes indicated in the objection, unless we demonstrate:
1. The existence of legally justified grounds for processing, overriding your interests, rights, and freedoms
2. Grounds for the establishment, exercise, or defense of claims
13. Complaint to Supervisory Authority
If you consider that data processing violates GDPR provisions, you have the right to lodge a complaint with the President of the Personal Data Protection Office:
ul. Stawki 2, 00-193 Warsaw
www.uodo.gov.pl
14. Automated Decision-Making
1. No automated decisions will be made regarding you
2. Your data will not be subject to profiling
15. Contact
For questions or concerns regarding personal data processing, please contact the Data Protection Officer:
E-mail: iodo@oex.pl
Address: ul. Klimczaka 1, 02-797 Warsaw