This document defines the rules for the processing and use of personal data and the rules for their protection, which are available at www.nebulaexhibits.com and the rules for access to information stored on Users’ Devices by means of Cookies by Nebula Exhibits, LLC.
The detailed principles and purposes of processing personal data collected when the User uses the Website are described below.
- Administrator / Company – Nebula Exhibits, LLC, 2180 Park Avenue North, Suite 318, Winter Park, FL 32789, United States of America, e-mail: firstname.lastname@example.org . The company is the administrator of personal data within the meaning of the GDPR;
- Personal Data – all personal data within the meaning of the GDPR, which are collected and processed by the Administrator in connection with the use of the Website by the User;
- Cookies – so-called “Cookies” are IT data, in particular, small files saved on the User’s Device, in which settings and other information about the websites and applications used by him/her are stored;
- GDPR / Regulation – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC
- Service – Internet service available at the address: www.nebullaexhibits.com
- Device – any telecommunications terminal device by means of which the User gains access to the Website, including a computer, laptop, tablet, smartphone, mobile phone, equipped with an internet browser
- Services – services provided by the Company electronically on the Website
- User – a natural person, legal person or organizational unit without legal personality, using the Website.
The personal data administrator is Nebula Exhibits, LLC, 2180 Park Avenue North, Suite 318, Winter Park, FL 32789, United States of America. The administrator can be contacted by email at: email@example.com or in writing to: Nebula Exhibits, LLC 2180 Park Avenue North, Suite 318, Winter Park, FL 32789, United States of America.
III. The type of data being processed
- The Administrator processes the data provided by the User in the contact form and data which the Administrator has developed independently (e.g. using Cookies).
- Providing personal data is voluntary, however if the User uses the contact form, providing data is necessary to respond to the notification contained in this form.
- Purposes of processing and legal basis
- Personal data are processed in accordance with the provisions of applicable law, including the GDPR.
- Personal data are processed by the Administrator for the following purposes:
- take action before concluding the contract at the request of the data subject or performance of the contract to which the data subject is party (legal basis is the necessity of processing for the performance of the contract – Article 6 paragraph 1 ( b) of the GDPR
- fulfillment of the legal obligation imposed on the Administrator, depending on the service provided (legal basis for processing is the fulfillment of statutory obligations incumbent on the Administrator – Article 6 (1) (c) of the GDPR);
- resulting from a legitimate interest pursued by the Administrator, i.e. pursuant to art. 6 par. 1. f) GDPR, including for the purpose of:
- investigation or securing of claims;
- marketing of the Administrator’s products and services;
- monitoring the User’s activity on the Website (including using cookies and the tools used by the Administrator)
- on the basis of a separate consent, i.e. based on art. 6 par. 1. a) GDPR for:
- The period through which data is stored
- personal data processed for the conclusion or performance of the contract will be kept for the duration of the contract, and after its expiry for the period necessary for:
- handling complaints
- securing or seeking any claims due to the Administrator and in relation to him;
- fulfillment of the Administrator’s legal obligation (e.g. resulting from tax or accounting regulations);
- personal data processed in order to fulfill the Administrator’s legal obligation will be kept for the period required by generally applicable law
- personal data processed on the basis of a separate consent will be kept until its revocation
- personal data processed for the purposes resulting from legally justified interests executed by the Administrator will be processed until the objection to such processing is filed, unless the Administrator demonstrates the existence of legitimate grounds for processing, overriding interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims. In the event of opposition to the processing of personal data for the purpose of direct marketing, personal data of such a person, to the extent to which the processing is related to direct marketing, will no longer be processed for direct marketing purposes.
- Rights of the data subject
- Each person whose personal data is processed by the administrator is entitled to:
- the right to access the content of their personal data, i.e. the right to obtain confirmation whether the Administrator processes data and information regarding such processing;
- the right to rectify data if the data processed by the Administrator is incorrect or incomplete;
- the right to request the Administrator to delete data;
- the right to request the Administrator to limit the processing of data;
- the right to transfer data, i.e. the right to receive personal data provided to the Administrator and to send it to another administrator if the processing is based on consent or agreement and is carried out in an automated manner;
- the right to object to the processing of personal data for purposes arising from the legitimate interest of the Administrator or to processing for the purpose of direct marketing;
- the right to file a complaint to the Polish supervisory body or supervisory body of another EU Member State, (from 25/05/2018 in Poland- this function is performed by the President of the Office for Personal Data Protection);
- the right to withdraw the consent granted to the processing of personal data at any time (without affecting the legality of the processing, which was made on the basis of consent before its withdrawal).
- The rights listed in points a.- f. and point h above can be implemented, among others by contacting the Administrator’s postal address or the following email address: firstname.lastname@example.org.
VII. Data recipient categories
- Personal data is made available to third parties only in the event of consent by the User or when the access is necessary for the correct performance of the service.
- Personal data may be made available to the following categories of entities:
- entities associated with the Administrator, including companies from the Nebula Group, employees and associates of the Administrator and its related entities
- debt collection companies
- partners of the Administrator providing technical services, hosting providers,
VIII. Security used
- The Company declares that it applies the necessary security procedures to protect against the provision of Personal Data to unauthorized persons, removal by an unauthorized person, processing in violation of the GDPR and change, loss, damage or destruction, thus ensuring the Users the safety of Personal Data being processed.
- All data and information provided by Users are protected in accordance with applicable legal standards, security requirements and confidentiality rules.
- Personal data is not processed in an automated way nor in the form of profiling.
- Personal data is transferred to companies from the Nebula Group, i.e. Nebula Exhibits, ULC 123 Slater St., 3rd floor, Ottawa, ON K1P 5H2, Canada and to a company in Poland – Nebula Exhibits Poland sp. z o.o., ul. Heleny Szafran 10, 60-639 Poznań. These entities use safety and data protection measures that meet the requirements of the GDPR. The European Commission has confirmed the appropriate level of data protection in the case of transfer of personal data to Canada.
- The website service uses cookie files, i.e. small text-numeric files, which are saved by the ICT system in the User’s computer system (on the computer, telephone or other device of the User from which the Service was connected) while browsing the Website and allows for later identification of the user in the case of reconnection with the Website from the device (e.g. a computer, phone) on which they were saved.
- Cookie files collect data on the use of the Website by the User, and their main purpose is to facilitate the use of the Website, customize the Website to the needs and expectations of the User (personalization of the Website subpages), user traffic survey on the Website and marketing activities by the Administrator.
- Browser settings and Cookies
- By default, software used for browsing websites allows cookies to be placed on the Device by default. These settings can be changed in such a way as to block the automatic handling of Cookies in the web browser settings or inform them each time they are sent to the Device. Detailed information about the possibilities and ways of handling Cookies are available in the browser settings used by the User.
- The user may express the consent referred to in point IX. par. 3, by means of the software settings used by him/her to use the Website, e.g. by means of the settings of the browser he / she uses.
- The user may refuse consent, referred to in point IX. paragraph. 3 or withdraw it at any time by changing the appropriate software settings used to use the Website. Detailed instructions on disabling cookies are available in the settings of individual web browsers.
- Final provisions