Privacy Policy

I. General Provisions

Definitions of terms used in this privacy policy:

  1. Administrator – GPD limited liability company limited partnership with its registered office in Poznań at ul. Roosevelta 18, 60-829 Poznań, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division of the National Court Register under number: 0000527454, REGON: 302860051, NIP PL: 7811902177;
  2. Personal Data – information about a natural person identified or identifiable, in particular based on an identifier such as name, surname, PESEL, location data, internet identifier;
  3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
  4. Service – the website available at www.gpdfilmstudio.pl.
  5. User – any natural person visiting the Service or using one or more services provided within the Service.

The privacy policy is a document regulating the principles of processing and protecting the personal data of Users in connection with the use of the Service, collected during the use of the Service.

The primary goal of the Administrator is to ensure the protection of the privacy of the Service Users and to ensure that the processing of their personal data collected in connection with their activity on the Service complies with applicable laws, including GDPR.

II. Principles of Personal Data Processing

  1. Personal data is processed by the Administrator based on:
    1. Article 6(1)(a) GDPR – based on consent, personal data may be processed by the Administrator for purposes indicated in the consent clause, e.g., for marketing activities via phone call or by sending commercial information to an email address;
    2. Article 6(1)(b) GDPR – data is processed in connection with the performance of a contract and for the purpose of its execution e.g., for the conclusion and execution of the agreement for the delivery of the Newsletter service (this includes all personal data provided to the Administrator in connection with the concluded contract, whose processing is necessary for the performance of the contract and includes processing necessary to take actions at the request of the data subject before concluding the contract);
    3. Article 6(1)(c) GDPR to fulfill a legal obligation incumbent on the Administrator (e.g., accounting regulations, tax regulations);
    4. Article 6(1)(f) GDPR, i.e., for purposes resulting from legitimate interests pursued by the Administrator, including:
      • archiving documents, including files related to business contact, such as portfolio, offers, inquiries, email correspondence during cooperation;
      • creating and maintaining databases of contractors, including a database of shooting location addresses;
      • claiming or securing claims;
      • conducting quality analyses and statistics regarding provided services and completed projects;
      • responding to messages in connection with contact with the Administrator.

    In individual cases and upon prior consent, the Administrator may process personal data based on Article 6(1)(a) GDPR for purposes other than those mentioned above.

  2. The Administrator of personal data exercises particular care to protect the interests of the data subjects, and in particular ensures that: the personal data it collects is processed lawfully; is collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes; remains substantively accurate and adequate for the purposes for which it is processed.
  3. To carry out marketing activities, the Administrator in some cases uses profiling, employing the automated processing of data collected through cookies and similar technologies (e.g., marketing tools provided by Google). The actions taken, including profiling, do not serve automated decision-making concerning the User or produce any legal effects for the User. More about cookies in section VI of the Privacy Policy and section VII. Analytical and Marketing Tools Used by the Administrator.
  4. The Administrator processes personal data of Users visiting the Administrator's profiles maintained on social media (Facebook, Instagram), including those engaging in activity on these profiles. The data is processed solely for marketing purposes, including promoting the Administrator's brand, activities, services, and products, as well as for building and maintaining communication, based on the Administrator's legitimate interests.

III. User Rights

  1. Every User has:
    1. the right to access their personal data, i.e., the right to obtain confirmation whether the Administrator processes the data, to what extent, and information about such processing, including the basis for processing;
    2. the right to rectify data if the data processed by the Administrator is incorrect or incomplete;
    3. the right to request the Administrator to delete data;
    4. the right to request the Administrator to restrict data processing;
    5. the right to data portability, i.e., the right to receive the personal data provided to the Administrator and transfer it to another administrator if processing is based on consent or contract and is carried out in an automated manner;
    6. the right to object to the processing of personal data for purposes arising from the Administrator's legitimate interest;
    7. the right to object to processing for marketing purposes;
    8. the right to withdraw consent given for personal data processing at any time (without affecting the lawfulness of processing carried out based on consent before its withdrawal);
    9. the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another EU member state, particularly if the User believes that the processing of their personal data violates GDPR (in Poland, since 25.05.2018, the supervisory authority is the President of the Personal Data Protection Office).
  2. A request to exercise the aforementioned rights can be submitted via:
    1. in writing to the Administrator's address;
    2. via email to: ochrona.danych@gpd.com.pl.
  3. The request referred to in point 2 above must be precisely formulated and in particular indicate what request is to be fulfilled, what processing purposes the request concerns, and what type of data processing the request pertains to. If necessary, the Administrator is entitled to request clarification/supplementation of the request for the data needed to properly fulfill the requests contained in the request.
  4. The Administrator will inform the User within one month of receiving the request about actions taken in connection with the request. If necessary, the Administrator will inform the User about the need to extend the response time, providing the reason for the extension.
  5. The response to the request will be sent using the same communication method as was used to submit the request. In the case of a written request, at the User's request, the response may be sent electronically to the email address provided by the User.
  6. In the case of processing personal data based on consent, the User has the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, the User should:
    1. For the Newsletter service, the subscription can be canceled using the deactivation link found in the content of each sent Newsletter or by completing the cancellation form found in the Newsletter Regulations
    2. Send an SMS/MMS to the phone number +48 506 193 341 with information regarding the withdrawal of consent for marketing activities in the form of a phone call
    3. Send an email to new-business@gpd.com.pl with information regarding the withdrawal of consent to send commercial information to the email address

IV. Period for which data is stored:

  1. Personal data processed for the purpose of concluding or performing a contract will be stored for the duration of the contract and, thereafter, for the period necessary for post-sale customer service (e.g., complaint handling), securing or pursuing claims owed to or against the Administrator;
  2. Personal data processed to fulfill the Administrator's legal obligation will be processed until such legal obligation is fulfilled;
  3. Personal data processed based on separate consent will be stored until such consent is withdrawn;
  4. Personal data processed for purposes resulting from legitimate interests pursued by the Administrator will be processed until an objection to such processing is made, unless the Administrator demonstrates compelling legitimate grounds for processing overriding the interests, rights, and freedoms of the data subject or grounds for establishing, pursuing, or defending claims;
  5. Personal data processed for marketing purposes will be processed until an objection to such processing is made.

If an objection is made to the processing of personal data for marketing purposes, personal data related to marketing will no longer be processed for this purpose.

V. Categories of data recipients

Personal data of Users may be disclosed to the Administrator's employees and collaborators, entities affiliated with the Administrator, debt collection companies, postal operators, carriers, partners providing technical services, hosting service providers, IT system providers, subcontractors of the Administrator, other entities providing services to the Administrator, and employees or collaborators of such entities.

VI. Cookies and operational data

  1. The Service uses cookies, i.e., small text-and-numeric files that are stored by the telecommunication system on the User's telecommunication system (computer, phone, or another device used to connect to the Service) during browsing and allow subsequent identification of the User when reconnecting to the Service from the device (e.g., computer, phone) on which they were stored.
  2. Cookies collect data about the User's use of the Service, and their main purpose is to facilitate the User's use of the Service, tailor the Service to the User's needs and expectations (personalization of Service subpages), analyze User traffic within the Service, and conduct marketing activities by the Administrator.
  3. Depending on the storage period on the end device, cookies used by us can be divided into:
    • Session cookies: stored on the User's device until the end of the browser session. Saved information is then permanently deleted from the device's memory.
    • Persistent cookies: stored on the User's end device for a defined period or until they are deleted by the User.
  4. We use the following types of cookies: Essential cookies contribute to website usability by enabling basic functions like page navigation. The Service cannot function properly without these cookies. Preference cookies allow the website to remember information that changes its appearance or operation, such as the preferred language or the region in which the User is located. Statistical cookies help website owners understand how different Users interact with the site. Marketing cookies are used to track Users across websites. Their purpose is to display ads that are relevant and engaging for individual Users and therefore more valuable to publishers and advertisers.
  5. The use of data collected through the above-mentioned technologies, including for marketing purposes, is based on the Administrator's legitimate interest and only if the User has consented to the use of cookies. Consent can be withdrawn at any time. A link to the tool used on the Service for managing User preferences regarding cookie installation is available HERE.

Google Chrome

Default settings of the Google Chrome browser allow for storing cookies. To change these settings:

Microsoft Internet Explorer

Default settings of the Microsoft Internet Explorer browser allow storing cookies but block files that may originate from services not following a privacy policy. To change these settings:

OR:

Mozilla Firefox

Default settings of the Mozilla Firefox browser allow storing cookies. To change these settings:

Opera

Default settings of the Opera browser allow storing cookies. To change these settings:

Safari

Default settings of the Safari browser allow storing cookies. To change these settings:

VII. Analytical and Marketing Tools Used by the Administrator

The Administrator uses various methods and tools for analytical and marketing purposes. Below, general information about the tools used is presented.

For web analytics, the Administrator also uses the Google Signals tool, which is an extension of Google Analytics services enabling so-called "cross-device tracking" (identifying users across multiple devices). This means that if the User’s internet-enabled devices are linked to their Google account, and the User has activated the "personalized advertising" option on their Google account, Google can generate reports on the use of our site (in particular, the number of Users using different devices), even if the User switches devices. The Administrator does not process personal data in this regard, and the reports received from Google do not allow the Administrator to identify individual Users (the data collected by Google is anonymized and aggregated).

A link to the tool used on the Service, enabling Users to manage their preferences regarding the installation of Google Analytics cookies, is available HERE. Additionally, to opt out of Google Analytics cookies, you can download and install the browser add-on that blocks Google Analytics (Opt-out Browser Add-on: https://support.google.com/analytics/answer/181881?hl=en).

A link to the tool used on the Service, enabling Users to manage their preferences regarding the installation of GOOGLE ADS & DV 360 cookies, is available HERE. Additionally, any User with a Google account can disable personalized advertising on the internet in the Google Ads Settings (https://support.google.com/My-Ad-Center-Help/answer/12155451?visit_id=638169850624111508-3462238637&rd=1).


VIII. Final Provisions

  1. The personal data administrator applies technical and organizational measures ensuring the protection of processed personal data appropriate to the risks and categories of personal data covered by the protection, in particular securing personal data against unauthorized access, unauthorized acquisition, processing in violation of applicable regulations, and alteration, loss, damage, or destruction.
  2. This privacy policy is effective upon publication, understood as posting its full content on the Service with an indication of the posting date. The privacy policy may be subject to changes or updates. Any changes to the privacy policy, including updates, will be published within the Service with an indication of the posting date. The amended Privacy Policy is effective upon publication in the Service.

Contact

The Administrator has appointed a Data Protection Officer – Paweł Radzewicz. Contact with the Administrator’s Data Protection Officer is possible at the Administrator’s address and via email at: ochrona.danych@gpd.com.pl