1. General Information

This policy applies to the website at: nbest.pl

The operator of the service and the data controller is: NBest Marcin Pałka, Kaliska 19b/30, 41-200 Sosnowiec

Contact email address: biuro@nbest.pl

The operator is the data controller for the personal data provided voluntarily on the website.

The website uses personal data for the following purposes:

• Managing the newsletter
• Managing the comment system
• Conducting online chat
• Handling inquiries through forms
• Fulfilling ordered services
• Presenting offers or information

The website collects information about users and their behavior in the following ways:

• Through data voluntarily entered into forms, which is stored in the operator’s systems.
• By saving cookies (also known as “cookies”) on end devices.
• In the case of vehicle monitoring, images of passengers are recorded. Monitoring is implemented for the safety of passengers and to protect property (legal basis: Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)).

2. Selected Data Protection Methods Used by the Operator

• Login and personal data entry areas are protected during transmission (SSL certificate). This ensures that personal data and login details entered on the site are encrypted on the user’s computer and can only be read on the destination server.
• User passwords are stored in a hashed format. Hashing functions work in one direction – it is not possible to reverse the process, which is now a modern standard for storing user passwords.
• The operator periodically changes administrative passwords.
• To protect data, the operator regularly performs backup copies.
• An essential element of data protection is the regular updating of all software used by the operator to process personal data, particularly software components.

3. Hosting

The website is hosted (technically maintained) on the server of: seohost.pl

4. Your Rights and Additional Information on Data Usage

The Data Controller ensures the protection of the interests of the data subjects, especially ensuring that: a) Collected data is processed in accordance with the law; b) Processing is done for lawful purposes and is not subjected to further processing incompatible with those purposes; c) Processing is accurate and adequate in relation to the purposes for which the data was collected; d) Data is kept in a form which permits identification of data subjects for no longer than necessary for the purposes of processing, unless a legal provision requires otherwise. For example, in the case of images captured by cameras in transport vehicles, the retention period is one month, except in cases of police intervention or civil claims, where data will be processed until the conclusion of the proceedings.

The purpose, scope, and recipients of the data processed by the Data Controller are determined by the actions taken to fulfill the contract and are limited by the content of that contract and the actions of the individual. This should be understood as limiting processing by the Data Controller to the purposes/scope/recipients resulting from: a) Legal regulations – e.g., tax accountability; b) Contract – if such a contract is concluded; c) Consent of the individual – e.g., due to contacting the individual or sending a CV. The individual has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal; d) In occasional cases, processing may occur based on the Data Controller’s legitimate interests, as described in Article 6(1)(f) GDPR.

Recipients of the data related to contract performance, and this is the vast majority of cases, include: a) IT service providers related to IT matters concerning the form and scope of relations with the User; b) Accounting offices managing contract settlements from a tax perspective; c) Individuals closely cooperating with the Data Controller who have been granted authorization.

These entities are always required to maintain the confidentiality of personal data and process it in accordance with applicable regulations.

The Data Controller processes only the personal data necessary to achieve the purposes.

Providing personal data by an individual is voluntary, but failure to provide necessary data for the conclusion and execution of a contract may result in the inability to conclude such a contract.

Every individual whose personal data is processed in the Data Controller’s databases has the right to access, rectify, delete, or restrict processing of their data, as well as the right to object to processing, the right to data portability, and the right to lodge a complaint with a supervisory authority.

This means that every individual has the right to control the processing of their data, specifically the right to: a) Request supplementation, b) Update, c) Rectify personal data, d) Temporarily or permanently suspend processing or delete it if it is incomplete, outdated, incorrect, collected in violation of the law, or no longer necessary for the purpose for which it was collected.

The Data Controller uses technical and organizational measures to ensure the protection of personal data commensurate with the risks and the category of data protected, especially safeguarding data against unauthorized access, collection by unauthorized persons, processing in violation of applicable regulations, and modification, loss, damage, or destruction.

The Data Controller ensures confidentiality, integrity, and accountability in the processing of data.

Personal data is not transferred to countries outside the European Union. If personal data is transferred to third countries (outside the EU), the Data Controller will apply appropriate instruments to ensure the security of personal data.

Personal data is not subject to profiling or any other automated decision-making.

5. Information in Forms

The website collects information voluntarily provided by users, including personal data if provided.

The website may record connection parameters (time stamp, IP address).

In some cases, the website may record information that helps link data in forms with the email address of the user filling out the form. In such cases, the user’s email address appears within the URL of the page containing the form.

Data provided in forms is processed for the purpose specified in the specific form, e.g., handling a service request or business contact, service registration, etc. Each form context and description clearly informs what it is used for.

6. Administrator Logs

User behavior on the site may be logged. This data is used for administering the service.

7. Key Marketing Techniques

The operator uses statistical analysis of website traffic through Google Analytics (Google Inc. based in the USA). The operator does not provide personal data to this service provider, only anonymized information. The service relies on the use of cookies on the user’s end device. Information about user preferences collected by the Google advertising network can be viewed and edited using the tool: https://www.google.com/ads/preferences/

The operator also uses the Facebook Pixel. This technology allows Facebook (Facebook Inc. based in the USA) to know that a registered person is using the website. This relies on data for which Facebook itself is the data controller. The operator does not provide any additional personal data to Facebook. The service relies on the use of cookies on the user’s end device.

8. Information on Cookies

The website uses cookies.

Cookies are data files, particularly text files, stored on the user’s end device and intended for use on the website. Cookies generally contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number.

The entity placing cookies on the user’s end device and accessing them is the website operator.

Cookies are used for the following purposes:

• Maintaining the user session (after logging in), so the user does not need to re-enter their login and password on each page of the site;
• Achieving the goals specified above in the “Key Marketing Techniques” section;

The website uses two main types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files that are stored on the user’s device until they log out, leave the website, or close the browser. “Persistent” cookies are stored on the user’s device for a period specified in the cookies’ parameters or until the user deletes them.

Web browser software usually allows cookies to be stored on the user’s end device by default. Users of the website can change their settings in this regard. The web browser also allows for the deletion of cookies. It is also possible to automatically block cookies. Detailed information on this topic is available in the help or documentation of the web browser.

Restricting the use of cookies may affect some functionalities available on the website.

Cookies placed on the user’s end device may also be used by entities cooperating with the website operator, particularly Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), and Twitter (Twitter Inc. based in the USA).

9. Managing Cookies – How to Express and Withdraw Consent

If a user does not want to receive cookies, they can change the settings in their browser. Note that disabling cookies essential for authentication, security, and user preferences may hinder, and in extreme cases, prevent the use of the website.

To manage cookie settings, choose your browser from the list below and follow the instructions:

• Edge
• Internet Explorer
• Chrome
• Safari
• Firefox
• Opera

For mobile devices:

• Android
• Safari (iOS)
• Windows Phone