PRIVACY POLICY

Caring for the personal data of users of the website and respecting their right to privacy, Press Glass Holding S.A. (hereinafter: “Controller” and/or “Press Glass”) with its registered office at ul. Golfowa19, 42-274 Konopiska, Konopiska commune, entered into the National Court Register by the District Court in Częstochowa, 17th Commercial Division of the National Court Register under number 0000131477, using Tax Identification Number NIP 574-000-74-96 and Business Statistical Number REGON 150021158, share capital of PLN 500 000 (in words: five hundred thousand zlotys 00/100), paid in full, represented by the Management Board – in accordance with a valid legal authorisation – is the Controller of personal data collected via www.rosa.golf.

1. Press Glass attaches importance to whether users using the www.rosa.golf – website are confident that their personal data is protected in a reliable and lawful manner, therefore, Press Glass is taking steps to properly secure information about people coming to this place. Not only does it guarantee the standards adopted by law, but also systematically works on raising them.

2. The adopted Privacy Policy is fully reflected in the applicable law, because it includes regulations resulting, inter alia:

• from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – OJEU L of 2016, No. 119, item 1) – hereinafter referred to as the GDPR,
• from the Personal Data Protection Act of 10 May 2018 (Journal of Laws 2018, item 1000),
• from the Act of 18 July 2002 on rendering electronic services (Journal of Laws 2018, item 650),
• from the Act of 16 July 2004 – Telecommunications Law (consolidated text, Journal of Laws 2014, item 243, as amended),

thus, fulfilling the principle of legality – actions undertaken within the framework and limits set out by applicable provisions of law at the time of their application.

3. This Privacy Policy is intended to inform all users of the website how Press Glass processes personal data through the above-mentioned website (to what extent and for what purpose, and what is the legal basis for the processing of personal data), when it can pass it on to third parties, what means of protection of this data against falling into unauthorised hands it applies and what can a user do if he or she is not fully satisfied with the methods of protection applied.

1. The Privacy Policy shall apply to the website located at the internet address www.rosa.golf, in Polish and international English language versions,

2. Press Glass publishes on the aforementioned website links to other websites that include, among others, projects with the company’s participation. While Press Glass is committed to achieving the highest standards in the field of personal data protection and the right to privacy, it cannot guarantee that the owners (controllers) of linked websites are guided by the same rules, since Press Glass has no influence on their privacy policies and policies regarding cookies. Therefore, the company recommends that users should each time read the rules applicable on the websites to which links are provided on this website.

3. As a rule, Press Glass does not provide space on its website to other entities, e.g. for advertising or announcement purposes. However, if such situation arises, Press Glass, as in the case referred to in sec. 2, shall not be able to ensure that the owners (controllers) of the indicated websites comply with applicable provisions of law and duly care about the safety of users’ data. In this case, you also need to read the privacy policy and Cookies policy presented on these websites and their mobile applications.

1. Personal data is all information that can identify the user of the www.rosa.golf website, for example, first name and surname, e-mail address. The words “to process” or “processing” used by Press Glass shall mean all activities and operations performed on the user’s personal data (e.g., storage of data) in the scope of the above-mentioned website.

2. If the user is under 13 years of age, Press Glass shall not process his or her personal data (Article 8 of the GDPR), for example, in order to obtain a card authorising the use of the above golf course, unless consent previously expressed by the user or legal action performed is confirmed by a person having legal custody over him or her or by the above persons or consent is granted to Press Glass by a statutory representative or legal guardian for and on behalf of the user who is under 13 years of age at the time of granting consent to the processing of this data or under 18 years of age in other legal actions, if the user’s Parents or legal guardians do not confirm to the e-mail address: gdpr@pressglass.com consent to the processing of personal data of the user who is under 13 years of age at the time of giving consent, Press Glass shall refrain from processing personal data in relation to the above user.

1. Using the www.rosa.golf website is voluntary. It is the user who decides himself or herself whether he or she wants to use the Press Glass website and the services provided through it. Providing by the user his or her personal data to Press Glass using forms and other technical methods developed in the scope of the above-mentioned website is voluntary, however, in order to use some services, e.g. to obtain membership of the Rosa Golf Club or IAC membership, it is necessary to provide personal data, about which the user is always informed by Press Glass in advance.

2. Any person who has provided his or her personal data to Press Glass as the Controller may request to obtain access to it, to correct, update or rectify it, to limit its processing, suspend temporarily or permanently its processing, delete it or transfer it, that is, indicate the entity to which Press Glass, on behalf of the user, shall send his or her personal data. Everyone has the right to object against the processing of his or her personal data by Press Glass free of charge. Everyone has the right to submit a complaint to the supervisory body against actions taken by the Controller of the www.rosa.golf website.

In Poland, the supervisory body is the President of the Office for Personal Data Protection in accordance with the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000).

As regards the protection of personal data in individual EU countries (e.g. in Poland it is the President of the Office for Personal Data Protection), assistance can be obtained at https://uodo.gov.pl/en/p/data-protection-authorities lub https://edpb.europa.eu/edpb_en.

3. The principle of accountability applied by Press Glass is closely related to the provisions of the GDPR – Article 5 sec. 2, according to which the data controller is required to demonstrate compliance with the principles of personal data protection, including compliance of the actions undertaken with the law, reliability, transparency, limitations of the purpose of personal data processing, minimization of processing, regularity, limitation of personal data storage as well as integrity and cohesion by ensuring adequate security of the personal data processed by the controller.

§ 5 Purpose and time of personal data processing

1. As the Controller, Press Glass may process the following personal data of users:

• first name and surname,
• e-mail address,
• information about the connection parameters (websites from which the user enters the Controller’s website, IP address, date and time of access, the amount of data transferred, information about the browser used and the operating system).

2. Information listed in § 5 sec. 1 shall be used to undertake activities within the administration of the website, analysing visit statistics, recognising and solving problems of the website, analysing safety of the website. Information on the users’ IP can be transferred to authorized state authorities at their request, for the needs of proceedings conducted by them, on the basis of applicable laws, or to third parties on the basis of decisions of state authorities, and for the purpose of profiling users – any form of automated processing of personal data for the assessment of certain personal factors (e.g. preferences, interests, locations).

3. Personal data of the users of www.rosa.golf website shall be processed for the purposes of:

• publication of contents posted via the above website – legal basis: Article 6 sec. 1(f) of the GDPR,
• ontacting the user: this data is necessary for the purposes directly related to the functioning of the above website, for example, in order to submit commercial information presented to the user via www.rosa.golf, or to obtain by the user, e.g., the IAC card, or to obtain information about tournaments held through the Rosa Golf Club (personal data being processed: first name and surname, e-mail address) – legal basis: Article 6 sec. 1(a) and sec. 1(b) of the GDPR,

4. Press Glass also processes personal data for the purposes set out below, based on a legitimate interest, i.e.:

• to ensure security of services that it provides electronically, including enforcement of the rules provided for by law and the prevention of fraud and abuse, as well as to ensure traffic safety on the aforementioned website (personal data being processed: e-mail address) – legal basis: Article 6 sec. 1(c) and sec. 1(d) of the GDPR,
• to conduct research and analyses of the website, among other things, in terms of functionality, improvement of the operation of services – legal basis: Article 6 sec. 1(f) in conjunction with Article 22 of the GDPR,
• to provide services by electronic means via the www.rosa.golf website, legal basis – Article 6 sec. 1(b) of the GDPR,
• to handle requests from users submitted via the contact form in a situation where they are not directly related to the performance of the agreement – legal basis: Article 6 sec. 1(f) of the GDPR,
• to perform legal obligations imposed on the Controller – legal basis: Article 6 sec. 1(c) of the GDPR,
• to establish, defend and pursue claims – legal basis – legally justified interest pursued by the Controller consisting in conducting business activity – Article 6 sec. 1(f) of the GDPR,
• to collect personal data for archival purposes and ensure compliance with the accountability principle (showing that Press Glass meets its obligations under the law) – legal basis: Article 6 sec. 1(f) and Article 6 sec. 1(f) in conjunction with Article 22 of the GDPR.

§ 6 Access to and security of personal data

1. Press Glass , as the controller of personal data processed via www.rosa.golf, informs that it takes and applies technical and organizational measures that ensure protection of personal data processing appropriate to the threats and categories of data subject to protection, and in particular, protects data from being made available to unauthorised persons, being taken away by an unauthorized person, its processing in violation of applicable laws and its change, loss, damage or destruction. Due to the cooperation of the Controller with its affiliates and service providers established outside the EEA, personal data of users may be transferred outside the European Economic Area.

2. Personal data of the www.rosa.golf website’s users may be transferred to the USA in the scope of support of the above-mentioned Website. Based on appropriate legal safeguards, which are standard contractual clauses for the protection of personal data approved by the European Commission, including actions in accordance with Article 28 of the GDPR, as well as due to the fact that, in relation to the above-mentioned Country, the European Commission adopted on 12 July 2016 a decision on the appropriate protection of personal data (EU-US Privacy Shield Program), which allows the transfer of personal data of EU citizens, while ensuring an adequate security standard of the above-mentioned procedures, personal data of users of the above Press Glass website are properly protected.

3. At any time, Press Glass may provide the user with additional explanations regarding the transfer of personal data, in particular, when the issue raises his or her concern.

4. Press Glass, as the controller of personal data, may entrust with the processing of personal data another entity, e.g. the  Golf Club Association, Polish Golf Union, however, it may do so only for the purpose and to the extent specified in the agreement and with consent of the user.

5. Press Glass informs that, when conducting operations related to the activities of the above golf course, it does not use the so-called sensitive data that could identify: sexual orientation and/or sexual preferences, ethnic and racial information, political and trade union affiliation, ideological and/or religious affiliation, property status, health of the user of the www.rosa.golf website.

§ 7 Duration of personal data processing

1. In accordance with applicable law, Press Glass Holding S.A. does not process users’ personal data “indefinitely”, but for the time that is needed to achieve the designated purpose of personal data processing. After this period, personal data shall be permanently deleted or destroyed.

2. In the situation where there is no need to perform operations on users’ personal data other than storing them until they are permanently deleted or destroyed, personal data shall be additionally secured – through pseudonymisation. Pseudonymisation consists in such encryption of personal data or a personal data set that it is impossible to read them without an additional key, and thus, such information becomes completely useless to an unauthorized person.

3. Regarding individual periods of personal data processing, we kindly inform that we process personal data:

• until personal data become obsolete or lose validity, however, no longer than for one year with regard to personal data: in the form of an IP address, domain name, browser type, operating system type, processed for the purpose of maintenance and operation of the www.rosa.golf, website, including data collected automatically in the course of users’ visits on the aforementioned website,
• until the consent is withdrawn or the purpose of processing is achieved, however, no longer than for 6 years in relation to personal data obtained in the scope of the user’s consent to the processing of his or her personal data,
• in connection with the prevention of abuse and fraud, for statistical and archiving purposes, for 6 years from the date of termination of the agreement or the date of the event necessitating such processing.

4. At the same time, in order to implement the accountability principle, Press Glass stores personal data for the period in which the Company is obliged to maintain data or documents containing them for the purpose of documenting the fulfilment of legal requirements, including enabling control of their fulfilment by public authorities

5. Periods in years are counted from the end of the year in which Press Glass began processing of personal data. Separate term counting for each event would entail significant organizational and technical difficulties, as well as significant financial effort, so setting one date for removing or destroying personal data allows for more efficient management of these processes by Press Glass. Of course, if the user uses the right to be forgotten, such situations are considered individually.

1. Press Glass guarantees users to respect all of their rights under the General Data Protection Regulation, commonly referred to as the GDPR, and the provisions of Polish law concerning the processing of personal data:

• access to personal data,
• information about the processing of personal data,
• rectifying personal data,
• deletion of personal data,
• restriction of the processing of personal data,
• objection to the processing of personal data,
• transfer of personal data (at the user’s request, within a month the user shall receive from Press Glass a file with data in a structured, commonly used, machine-readable format. Under this right, the user can also indicate an entity to which Press Glass should send his or her data,
• the right to object to the profiling of personal data – not being subject to automated decision-making.

2. Press Glass indicates that these rights are not absolute and, therefore, may be legally refused in certain situations. However, a decision of refusal shall be taken by Press Glass only if the refusal to meet the request is necessary.

3. As regards the right to object, Press Glass explains that the user has the right to object to the processing of his or her personal data on the basis of a legitimate interest of the Controller of personal data, due to a special situation of the user. In accordance with regulations, Press Glass may refuse to take into account the objection if it proves that:

• there are legitimate grounds for processing that override users’ interests, rights and freedoms or,

• there are grounds for establishing, pursuing or defending claims.

4. Furthermore, at any time, the user may object to the processing of his or her personal data. In this situation, after receiving objection, Press Glass shall cease processing personal data of the user in the scope of obligations resulting from the law.

The user can exercise his or her rights by:

• sending a written message directly to the address of Press Glass headquarters at ul. Golfowa19, 42-274 Konopiska, Konopiska commune, or to e-mail address: gdpr@pressglass.com

1. Cookies are files that are saved and stored on the user’s computer, tablet or smartphone, or another device used to access the Internet during visits to the www.rosa.golf website. Information on Cookies also applies to other similar technologies used within the above-mentioned website.

2. The entity placing Cookies on the user’s device and having access to them is the Controller, Press Glass Holding S.A., with its registered office at ul. Golfowa19, 42-274 Konopiska, Konopiska commune, entered into the National Court Register by the District Court in Częstochowa, 17th Commercial Division of the National Court Register under number 0000131477, using Tax Identification Number NIP 574-000-74-96 and Business Statistical Number REGON 150021158, share capital of PLN 500 000 (in words: five hundred thousand zlotys 00/100), paid in full, represented by the Management Board – in accordance with a valid legal authorisation.

3. Cookies are used by Press Glass to improve the structure and content of the www.rosa.golf website by adjusting the content of the website pages to the best possible use of its users. As the Controller, Press Glass has the right to create statistics in this respect. Press Glass does not profile its users through the www.rosa.golf website.

The Controller uses the following Cookies via the website / mobile application:

• session cookies – are data necessary to maintain the session under the current activities of the website’s users. This information is stored only in the user’s end device’s operating memory and remains there until the session is terminated – the website is closed or the web browser is turned off.
• permanent cookies – are information that is stored between the user’s visits on the website. These files can be collected in order for Press Glass to recognize how the user uses the website, types of his or her preferences, number of visits and duration of visits. This information does not record specific personal data of the user, but it is used to analyse the statistics of the website use.

4. The Controller uses, in particular, Google Analytics Cookies – statistics for www.rosa.golf. Details of the privacy policy can be viewed on the Google Analytics website: http://www.google.com/analytics/learn/privacy.html,

5. Users of the www.rosa.golf website can make changes to the Cookies settings at any time. These settings can be changed, in particular in such a way as to block the automatic handling of Cookies, in the web browser settings (e.g. Safari, Firefox, Internet Explorer, Chrome, Opera), or inform them about each placement on the device of the website’s user. Details on the possibilities and methods of managing Cookies are available in the software settings (of a specific web browser).

6. Failure to change the settings in the scope of Cookies means that they will be placed in the user’s end device, and thus, Press Glass, as the Controller, will have the right to store information about the user’s end device and access this information.

7. Disabling the use of Cookies may cause difficulties in using certain services on the aforementioned website, in particular requiring, for example, sending messages to Press Glass. On the other hand, disabling the option of accepting Cookies does not mean that you cannot read or view the contents posted on the www.rosa.golf website, except for those for which login access is required.

8 Personal data collected by Press Glass as the Controller via www.rosa.golf is protected by means of security procedures as well as technical and organisational tools and measures.

1. Over time, circumstances may arise that will make it necessary to change this Privacy Policy. Most often they will be linked to:

• technological progress,
• change in the way of using the website,
• zmianą dotychczas obowiązujących przepisów,
• introduction of new legal regulations,
• decisions of public authorities, e.g. of the President of the Office for Personal Data Protection or the President of the Office for Competition and Consumer Protection, rulings of common courts, etc.

2. Bearing in mind the above circumstances, this Privacy Policy is updated on an ongoing basis, in accordance with regulations applicable in the Republic of Poland and the European Union. Users will be informed about any changes to the Privacy Policy on the www.rosa.golf website.

3. In the scope not covered by this Privacy Policy, the regulations on the protection of personal data provided for by Polish and EU legislation shall apply.

4. This Privacy Policy shall apply from 25 May 2018.

1. The User may, at any time, contact the Controller of the www.rosa.golf website to obtain information on whether and how Press Glass uses or intends to use his or her personal data.

2. The User may also contact the Controller of the website to exercise his or her rights referred to in § 8.

3. E-mail address at which you can contact the Controller is: gdpr@pressglass.com, and telephone number: +48 34 327 50 69.

4. The Controller has appointed a Data Protection Officer. The Data Protection Officer can be contacted directly by electronic means at the following e-mail address: iod@pressglass.com or by phone at: +48 602 638 231.