Privacy policy

Back

PRIVACY POLICY

We acknowledge that the protection of your personal data is of paramount importance, this is why we collect and process only these data which are necessary for our activities. We process personal data in a lawful, transparent and fair manner, for defined purposes and only to the extent necessary to achieve these purposes. When we process personal data, we do our utmost to assure that they are accurate, safe, confidential, correctly stored and protected.

When processing your personal data, we observe the requirements of the General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1).

Personal data protection policy of ALNA BUSINESS SOLUTION SP. Z O.O.

1. This document entitled “Personal data protection policy” (hereinafter: Policy) is to constitute a map of requirements, rules and regulations on personal data protection in ALNA BUSINESS SOLUTION SP. Z O.O. (hereinafter: Company).

This Policy constitutes a personal data protection policy within the meaning of the GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1).

2. The Policy comprises:

a) description of data protection rules in force in the Company,

b) references to elaborating annexes.

3. The entity responsible for the implementation and maintenance of this Policy is the Company Management Board, and within the Management Board:

(i) member of the Management Board to whom the supervision over the personal data protection area has been entrusted.

(ii) person appointed by the Management Board to ensure compliance with personal data protection;

the following parties are responsible for the supervision and monitoring of the observance of the Policy:

(iii) person appointed by the Management Board to ensure compliance with personal data protection,

(iv) external audit entity, each time appointed by the Company Management Board;

the following parties are responsible for applying this Policy:

(v) Company,

(vi) person appointed by the Management Board to ensure compliance with personal data protection,

(vii) Company’s organisational units,

(viii) all members of the Company’s personnel, including associates.

The Company should also ensure the compliance of the Company’s business partners’ conduct with this Policy to an appropriate extent, when they receive personal data from the Company.

4. ABBREVIATIONS AND DEFINITIONS:

The Policy means this Personal Data Protection Policy, unless the context explicitly indicates otherwise.

GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1).

Data mean personal data, unless the context explicitly indicates otherwise.

Personal data mean information about an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who may be identified directly or indirectly, in particular on the basis of an ID, such as first name and surname, identification number, location data, Internet identifier, or one or several factors describing the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;

Special category data mean data listed in Article 9 (1) of the GDPR, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Criminal record data mean the data listed in Article 10 of the GDPR, i.e. the data related to criminal convictions and offences.

Children’s data mean data of persons under 16.

Person means the data subject, unless the context explicitly indicates otherwise.

Processor means the organisation or person to whom the Company entrusted the processing of personal data (e.g. IT service provider, external accounting firm).

Profiling means any form of automated processing of personal data, consisting in using personal data to evaluate some of the personal features of a natural person, in particular to analyse or forecast aspects concerning the effect of that natural person’s work, their financial situation, health, personal preferences, interests, credibility, behaviour, location or movements.

Data exporting means handing over data to a third country or an international organisation.

DPO or Officer means the Data Protection Officer.

RPDPA or Register means the Register of Personal Data Processing Activity.

Company means ALNA BUSINESS SOLUTION SP. Z O.O., with its registered office in Warsaw, ul. Wierzbowa 9/11, 00-094 Warszawa, entered in the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under number KRS 0000357355, tax identification number NIP: 5252482455, with share capital of PLN 20,000

5. PERSONAL DATA PROTECTION IN THE COMPANY - GENERAL RULES

5.1. Personal data protection pillars in the Company:

(1) Legality – the Company ensures privacy protection and processes data in a lawful manner.

(2) Security – the Company ensures the appropriate level of data security, constantly undertaking actions in this respect.

(3) Individual rights – the Company makes it possible for persons whose data it processes to exercise their rights and it fulfils these rights.

(4) Accountability – the Company documents how it fulfils its obligations so that it can demonstrate compliance at any time.

5.2. Data protection rules

The Company processes personal data with the observance of the following rules:

(1) on the basis of the legal basis and in accordance with the law (legalism);

(2) reliably and fairly (reliability);

(3) in a manner transparent to the data subject (transparency);

(4) for specific purposes and not “just in case” (minimisation);

(5) no more than required (adequacy);

(6) with care for data accuracy (accuracy);

(7) no longer than required (timescale);

(8) ensuring appropriate data security (security).

5.3. Data protection system

The personal data protection system in the Company is composed of the following elements:

1. Data inventorying. The Company identifies the personal data resources in the Company, including:

a) cases of processing data from special categories and criminal record data;

b) cases of processing data of persons identified by the Company (unidentified data /UFO);

c) cases of processing children’s data;

d) profiling;

e) joint control of data.

On the basis of the data inventory, the Company drafts and updates the Register.

2. The Register. The Company develops, keeps and maintains the Register of Personal Data Processing Activity in the Company (Register). The Register is a tool for settling the compliance with data protection in the Company.

3. Legal basis. The Company provides, identifies, verifies legal basis for the data processing and records them in the Register, including:

a) maintains the data processing consent management system and remote communication,

b) catalogues justifications of cases where the Company processes data on the basis of the Company’s legitimate interests,

c) keeps a register of entities to whom personal data of the Company’s clients have been sub-outsourced, where clients are controllers of such data.

4. Handling the entity’s rights. The Company meets the obligations to provide information with regard to persons whose data it processes, and ensures the handling of their rights, fulfilling any requests received in this respect, including:

a) obligation to provide information. The Company provides these persons with information required by law during the collection of data, as well as organises and ensures the documentation of fulfilment of these duties;

b) ability to fulfil requests. The Company verifies and ensures the possibility of effective performance of any type of request by itself and its processors;

c) handling of requests. The Company ensures appropriate outlays and procedures so that requests of those persons are fulfilled within deadlines and in the manner required by the GDPR and are documented;

d) notification of breaches. The Company uses procedures which enable it to determine the need to notify persons affected by an identified breach of personal data.

5. Minimisation. The Company minimises the range of personal data processed (privacy by default), which includes implementation of:

a) data adequacy management rules;

b) data access restriction and management rules;

c) data storage period management rules and rules for verification of further need for processing.

6. Security. The Company provides an appropriate level of data security, including:

a) conducts risk analyses for the processing of data or their categories;

b) conducts assessments of consequences for data protection where the risk of infringement of rights and freedoms of people is high;

c) adapts data protection measures to the risk determined;

d) uses procedures enabling it to identify, assess and notify the identified data protection breach to the Data Protection Office – the Register of personal data protection breach incidents constitutes Appendix No 7 to the Policy.

7. Processor. The Company has rules for selection of processors processing data for the benefit of the Company, requirements as to the terms of processing (outsourcing and sub-outsourcing agreement), principles of verification of performance of the outsourcing and sub-outsourcing agreements.

8. Data exporting. The Company verifies whether the Company does not transfer data to third countries (i.e. outside the EU, Norway, Liechtenstein, Iceland) or to international organisations, and ensures that the terms of such transfers – if any – are compliant with the law.

9. Privacy by design. The Company manages changes affecting privacy. For this purpose, the procedures of initiating new projects and investments in the Company allow for the need to assess the impact of that change on data protection, risk analysis, ensuring of privacy (and this includes compliance of the processing objectives, data security and minimisation) already at the stage of designing the change, investment, or at the beginning of a new project.

10. Cross-border processing. The Company verifies when cases of cross-border processing take place and the principles of determining the leading supervisory body and the main organisational unit within the meaning of the GDPR,

6. INVENTORYING 

6.1. Special categories of data and criminal record data

The Company identifies cases in which it processes or may process special category data or criminal record data, and ensures compliance of such data processing with the law. In the case where cases of special category data or criminal record data processing have been identified, the Company follows the rules adopted in this respect.

Special categories of data are data disclosing racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or sexual orientation of a person.

6.2. Unidentified data

The Company identifies cases in which it processes or may process unidentified data.

6.3. Profiling

The Company identifies cases in which it profiles data processed and maintains mechanisms assuring compliance of this process with the law.

Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6.4. Joint control

The Company identifies cases of joint control of data and follows the adopted rules in this respect.

7. REGISTER OF DATA PROCESSING ACTIVITIES 

7.1. The Register constitutes a form of documentation of data processing activities, it plays the role of a data processing map and is one of the key elements allowing the fulfilment of the fundamental principle on which the whole personal data protection system relies, i.e. the accountability principle.

7.2. The Company keeps the Register of Data Processing Activities in which it inventories and monitors the methods in which it uses personal data.

7.3. The Register is one of the basic tools enabling the Company to account for most of the data protection duties.

7.4. In the Register, for each data processing activity which the Company deemed separate for the purposes of the Register, the Company notes at least: (i) name of the activity, (ii) purpose of processing, (iii) description of person category, (iv) description of data category, (v) legal basis for processing, (vi) information on transfer outside the EU/EEA; (vii) general description of technical and organisational data protection measures.

7.5. The specimen of the Register constitutes Appendix No 1 to the Policy – “Specimen of the Register of Data Processing Activities”.

8. GROUNDS FOR PROCESSING 

8.1. The Company documents legal basis for the processing of data in the Register for individual processing activities.

8.2. Indicating the general legal basis in the documents (consent, agreement, legal obligation, vital interests, public task / public authority, Company’s justified objective), the Company additionally specifies the basis in a precise and clear way where necessary. E.g. for a consent – indicating its scope, where the basis is a document, e.g. an agreement, a control arrangement, vital interests – indicating the category of events in which they materialise, justified objective – indicating a specific goal, e.g. own marketing, asserting claims.

8.3. The Company implements consent management methods which enable it to register and verify whether it holds the person’s consent to the processing of their specific data for a specific purpose, a consent to remote communication (e-mail, phone, text, etc.) and register the refusal to give consent, withdrawal of consent, and similar activities (objection, restriction, etc.).

8.4. The manager of the Company’s organisational unit is obliged to know legal basis on which the unit they manage performs specific personal data processing activities.

8.5 The Company processes data of persons who have expressed their consent to the sending of a newsletter, commercial information, and to conducting direct marketing in relation to them. The processing of personal data takes place for the purpose of sending the above materials to the persons mentioned.

9. METHOD OF HANDLING INDIVIDUAL RIGHTS AND OBLIGATIONS TO PROVIDE INFORMATION 

9.1. The Company ensures clarity and style of information submitted as well as communication with data subjects.

9.2. The Company enables data subjects to exercise their rights through different activities, including: placing data protection information on the Company’s website.

9.3. The Company makes sure that legal deadlines for fulfilment of obligations towards data subjects are observed.

9.4. The Company implements adequate methods of identification and authentication of data subjects for the purpose of fulfilment of individual rights and obligations to provide information.

9.5. In order to fulfil individual rights, the Company ensures procedures and mechanisms which enable it to identify data of specific persons processed by the Company, integrate the data, make changes in the data, and remove them in an integrated manner,

9.6. The Company ensures handling of obligations to provide information, notifications and requests issued by data subjects.

10. OBLIGATION TO PROVIDE INFORMATION

10.1. The Company determines lawful and effective ways of performing obligations to provide information.

10.2. The Company shall inform the data subject about extending the deadline for handling that person’s request where such extension exceeds one month.

10.3. The Company shall inform the data subject about the processing of their data when obtaining that person’s data.

10.4. The Company shall inform the data subject about the processing of their data when obtaining that person’s data not directly from them.

10.5. The Company determines the method of notification of data subjects about the processing of unidentified data where possible (e.g. a notice that the area is covered by camera monitoring).

10.6. The Company shall inform the data subject about the planned change of purpose for which the data are processed.

10.7. The Company shall inform the data subject before the processing restriction is removed.

10.8. The Company shall inform data recipients about a rectification, erasure or restriction of data processing (unless it requires incommensurably large effort or is impossible).

10.9. The Company shall inform the data subject about the right to oppose data processing at the first contact with that person at the latest.

10.10. The Company shall notify the data subject about the breach of personal data protection without undue delay if such breach could result in high risk of infringement of that person’s rights or freedoms.

11. DATA SUBJECTS’ REQUESTS

11.1. Third party rights. When fulfilling rights of data subjects, the Company introduces procedural guarantees of protection of third party rights and freedoms. In particular, in the case where credible information is received that the fulfilment of the data subject’s demand to issue them with a copy of data or the data portability right may have a negative impact on rights and freedoms of other persons (e.g. rights connected with the protection of other persons’ data, intellectual property rights, trade secret, personal interests), the Company may contact the data subject in order to clarify any doubts or undertake other steps permitted by law, including the refusal to carry out the request.

11.2. No processing. The Company notifies the data subject that it is not processing the data concerning them if such person has submitted a request concerning their rights.

11.3. Refusal. The Company notifies the data subject about the refusal to handle the request and the data subject’s rights connected with it within one month of receiving the request.

11.4. Access to data. At the request of the data subject concerning their access to their data, the Company notifies the person in question whether it is processing their data, and notifies them about details of processing, in accordance with Article 15 of the GDPR (the scope corresponds to the obligation to provide information when collecting data), and also provide the data subject with access to the data concerning them. The access to data may be provided through the issuance of a copy of data, subject to the copy of data issued as part of exercising the right of access to data not being considered by the Company the first free copy of data for the purposes of fees for data copies,

11.5. Data copies. Upon request, the Company issues the data subject with a copy of data concerning them. The Company charges fees for further data copies. The price of one data copy is calculated on the basis of an estimated unitary cost of handling the request to issue a data copy.

11.6. Rectification of data. The Company rectifies incorrect data at the request of the data subject. The Company has the right to refuse data rectification, unless the data subject reasonably proves the erroneousness of data the rectification of which they demand. In the case of rectification of data, the Company shall inform the data subject about data recipients, at the request of the data subject.

11.7. Supplementation of data. The Company supplements and updates the data at the data subject’s request. The Company has the right to refuse the supplementation of data if such supplementation were to be incompliant with the purposes of data processing (e.g. the Company does not have to process data that is redundant for the Company). The Company may rely on the statement of the data subject as to the supplementation of data, unless this is insufficient in the light of procedures adopted by the Company (e.g. as to the acquisition of such data), in the light of law, or there are grounds to accept the statement as unreliable.

11.8. Erasure of data. At the request of the data subject, the Company erases the data where:

(1) the data are not essential for the purposes for which they have been collected, or processed for other purposes compliant with the law,

(2) the consent to the data processing has been withdrawn and there is no other legal basis for their processing,

(3) the data subject has submitted an effective objection to the processing of those data,

(4) the data have been processed not in accordance with the law,

(5) the need to erase data arises from a legal obligation,

(6) the demand concerns child’s data collected on the basis of a consent in order to provide information society services offered directly to the child (e.g. child’s profile in social media, participation in an online competition).

The Company specifies the method of exercising the right to erase all data in such a way as to ensure effective execution of this right with the observance of all data protection rules, including security, as well as verification whether exemptions mentioned in Article 17 (3) of the GDPR have not taken place.

If the data subject to erasure have been made public by the Company, the Company undertakes reasonable activities, including technical measures, in order to notify other data controllers processing these personal data about the need to erase the data and access to them.

In the case of removal of the data, the Company shall notify the data subject about data recipients, at the request of the data subject

11.9. Restriction of processing. The Company restricts data processing at the request of the data subject where:

a) the data subject challenges the correctness of the data – for a period allowing the verification of their correctness,

b) the processing is incompliant with the law, and the data subject objects to the erasure of the personal data, instead demanding the restriction of their use,

c) the Company no longer needs the personal data but the data subject needs them to determine, assert or defend claims,

d) the data subject has objected to the processing for reasons due to their specific situation – until it is determined whether there are legally justified grounds on the part of the Company, overriding in relation to the grounds for the objection.

During the restriction of processing, the Company stores the data, however it does not process them (does not use or transfer them) without the consent of the data subject, unless it is for the purpose of determination, assertion or defending of claims, or to defend the rights of another natural or legal person, or due to valid public interests.

The Company notifies the data subject before the processing restriction is revoked.

If the data processing has been restricted, the Company notifies the data subject about data recipients, at the request of the data subject.

11.10. Data portability. At the request of the data subject, the Company hands over data concerning the data subject that they delivered to the Company, processed on the basis of that person’s consent or for the purpose of conclusion or performance of an agreement concluded with the data subject in the Company’s IT systems, in a structured, widely used format suitable for machine reading, or transfers them to another entity if possible.

11.11. Objection in a special situation. If the data subject notifies an objection to the processing of its data motivated by its special situation, and the data are processed by the Company on the basis of the Company’s justified interests or a task entrusted to the Company in the public interest, the Company shall allow the objection unless there are valid legitimate grounds for the processing, overriding in relation to the interests, rights and freedoms of the person submitting the objection, or grounds for determination, assertion or defending of claims.

11.12. Objection in the case of scientific research, historical research, or statistical purposes. If the Company conducts scientific or historical research, or processes data for historical purposes, the data subject may submit an objection against such processing, motivated by their special situation. The Company shall allow such objection unless the processing is necessary to carry out a task carried out for public interests.

11.13. Objection to direct marketing. If the data subject submits an objection to the processing of their personal data by the Company for the purposes of direct marketing (including possible profiling), the Company shall allow the objection and shall cease such processing.

11.14. Right to human intervention during automatic processing. If the Company processes data in an automated manner, including profiling of persons, and in consequence makes decisions concerning the data subject that have legal consequences or affect the data subject significantly in another way, the Company provides the opportunity to appeal to the intervention and decision of a person on the part of the Company, unless such automatic decision: (i) is necessary to conclude or perform an agreement before the appealing party and the Company, or (ii) it is explicitly permitted by legal regulations, or (iii) is based on a clear consent of the appealing party.

12. MINIMISATION

The Company makes sure the processing of data is minimised in terms of: (i) adequacy of data for the purposes (quantity of data and scope of processing), (ii) access to data, (iii) duration of data storage.

12.1. Minimisation of scope

The Company has verified the scope of data acquisition, scope of their storage and the quantity of data processed from the point of view of adequacy for the purposes of processing as part of implementation of the GDPR.

The Company periodically reviews the quantity of data processed and the scope of their processing at least once a year, in particular by updating the registers kept.

The Company conducts the verification of changes as to the quantity and scope of data processed under the change management procedures (privacy by design).

12.2. Minimisation of access

The Company uses restrictions of access to personal data:

(1) legal (confidentiality clause, scopes of authorisation), a specimen of the authorisation to process personal data constitutes Appendix No 4 to the Policy.

(2) physical (access zones, locking of rooms),

(3) logical (restriction of authorisations for systems processing personal data and network resources in which personal data reside).

The Company uses the physical access control.

The Company updates access authorisations in the case of personnel changes and where roles of persons change, as well as in the case of changes of processors and sub-processors.

The Company periodically reviews the established system users and updates them at least once a year.

12.3. Minimisation of time

The Company implements personal data life cycle control mechanisms in the Company, including the verification of further usefulness of data in terms of deadlines and check points indicated in the Register.

The data the scope of usefulness of which is restricted with the passage of time are removed from the Company’s production systems as well as from reference files and main files. Such data may be archived and be in backup copies of systems and information processed by the Company.

13. SECURITY

The Company ensures the level of security corresponding to the risk of infringement of rights and freedoms of natural persons as a result of personal data processing by the Company.

13.1. Analyses of risk and adequacy of security measures

(1) The Company ensures the appropriate level of knowledge about information security, cybersecurity, and business continuity – internally or with the support from specialised entities (training, obligation to observe the Policy).

(2) The Company sorts data and processing activities into categories in terms of risk that they pose (Register).

(3) The Company determines organisational and technical security measures it is possible to adopt and evaluates the cost of their implementation. This includes the Company determining usefulness and applying such measures and approach as:

(i) pseudonymisation,

(ii) encrypting personal data,

(iii) other cybersecurity measures making up the ability to continuously ensure confidentiality, integrity, accessibility and resistance of systems and processing services,

(iv) measures for ensuring business continuity and preventing effects of disasters, i.e. the ability to quickly restore accessibility of personal data and access to them in the event of a physical or technical incident.

13.2. Assessment of consequences for data protection

The Company assesses consequences of processing operations planned for personal data protection where in accordance with the risk analysis the risk of breach to rights and freedoms of data subjects is high.

13.3. Security measures

The Company uses security measures determined under analyses of risk and adequacy of security measures as well as assessments of consequences for data protection.

Personal data security measures constitute an element of the information security and cybersecurity measures.

Specification of technical and organisational measures necessary to ensure confidentiality, integrity and accountability of data processing constitutes Appendix No 6 to the Policy.

13.3.1. Persons authorised to process data

The duties of persons authorised to process personal data include knowing, understanding and using any available personal data protection measures to the greatest possible extent and making unauthorised access to their workstations impossible. These duties also include:

processing personal data in accordance with currently binding legal provisions and regulations adopted; 

following agreed internal personal data processing regulations (the Policy);

keeping secret personal data and information about the methods of protecting them;

protection of personal data and personal data processing measures against unauthorised access, disclosure, modification, destruction or distortion;

notifying the superior about all and any suspected breaches or noticed breaches as well as weaknesses of the personal data processing system.

13.4. Notification of breaches

The Company uses procedures which allow the identification, assessment and notification of the identified data protection breach to the Data Protection Office within 72 hours from the identification of the breach.

14. PROCESSORS

The Company has rules for selection and verification of processors processing data for the Company, developed in order to ensure that the processors provide sufficient guarantees of appropriate organisational and technical measures to ensure security, fulfilment of individual rights, and other data protection duties lying with the Company.

The Company adopted requirements as to the data processing outsourcing agreement, constituting Appendix No 2 to the Policy – “Specimen of the data processing outsourcing agreement”.

The Company has adopted requirements as to the data processing sub-outsourcing agreements constituting Appendix No 3 to the Policy – “Specimen of the data processing sub-outsourcing agreement”.

The Company holds processors accountable for the use of sub-processors, as well as other requirements arising from the Principles of personal data outsourcing.

The Company keeps and updates on an ongoing basis a register of entities to whom personal data for which Controllers are Company’s clients have been sub-outsourced, constituting Appendix No 4 to the Policy – “Register of entities to whom personal data have been sub-outsourced”.

The Company keeps a register of entities/clients who have handed over their personal data to the Company, constituting Appendix No 8 to the Policy – “Register of entities who have handed over personal data to the Company”.

15. DATA EXPORTING

The Company records cases of data exporting, i.e. transferring data outside the European Economic Area (EEA in 2017 – the European Union, Iceland, Liechtenstein and Norway) in the Register.

In order to avoid the situation of unauthorised data exporting, in particular in connection with the use of publicly available cloud services (shadow IT), the Company verifies the user behaviour and, as far as possible, makes available equivalent solutions compliant with data protection law.

16. DESIGNING PRIVACY

The Company manages the change which affects privacy in such a way that appropriate personal data security and minimisation of data processing may be ensured.

For this purpose, the Company’s principles of running projects and investments refer to personal data security and minimisation principles, requiring the assessment of impact on data privacy and protection, allowing for and designing security and minimisation of data processing from the beginning of the project or investment.

17. How to contact us?

17.1 Send all documents connected with this Privacy Policy to the following contacts:

a) by post – Alna Business Solution Sp. z o.o., address: ul. Wierzbowa 9/11, PL 00-094 Warszawa
b) by e-mail – info@alna.pl

INFORMATION ABOUT COOKIES:

The website of Alna Business Solutions Sp. z o.o. uses cookies.

Cookies are IT data, mainly text files, recorded in the website user’s terminal device. They are used for the purpose of using the website. Such files contain the name of the website they originate from, duration of storage, and a unique number.

The purpose of cookies is to adapt the content of websites to user’s preferences and to optimise the use of the websites.

We do not use cookie to track users’ movements on the website or to display advertisements, only for statistical purposes. Browsers usually allow the storing of cookies in the User’s terminal device as a default setting.

Users of websites have the possibility of changing browser settings in this respect. Information about it may be obtained through each internet browser’s help section.

Restrictions on the use of cookies may affect some functionalities available on the website.