PRIVACY AND COOKIES POLICY
Last updated on April 1, 2021.

Introduction
This Privacy and Cookies Policy (hereinafter: Policy) sets out the rules for the processing and protection of personal data adopted by MARATHON. The Policy regulates:
a. The types of personal data collected by MARATHON,
b. The manner of using this data,
c. The rights of persons whose data is processed by MARATHON,
d. Categories of entities to whom the data is made available,
e. Personal data protection and security measures ,
f. the method of contact regarding the implementation of the rights of persons whose data is processed by MARATHON,
g. measures and methods of personal data protection used by MARATHON,
h. information on cookies.

I. Basic concepts
1. personal data – any information relating to an identified or identifiable natural person, e.g. name and surname, telephone number, address, ID card number. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific factors determining his physical, physiological, mental, economic, cultural or social characteristics. Information is not considered to enable the identification of a person if it would require excessive costs, time or activities;
2. data processing – any operations performed on personal data, such as collecting, recording, storing, developing, changing, sharing and deleting, especially those performed in IT systems;
3. breach of personal data protection – breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed;
4. Website – this website administered by MARATHON;
5. User – a natural person who uses the Website.

II. MARATHON as the Personal Data Administrator
1. MARATHON Sp. z o. o. sp. k. with its seat in Kostrzyn (hereinafter: “MARATHON”) at ul. Krajowa 3, 62-025 Kostrzyn.
2. MARATHON makes every effort to protect personal data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable law, as well as alteration, loss, damage or destruction, and respect the privacy of every person whose personal data is processed.
3.Personal data are processed by MARATHON in compliance with the requirements of generally applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement such data and repealing Directive 95/46 / EC (General Data Protection Regulation or GDPR, OJ L 119, 4.5.2016, p. 1-88).

III. Principles of personal data collection by MARATHON
1. MARATHON obtains personal data mainly directly from Users. If the business contact details have not been collected directly from the data subject (e.g. by receiving by MARATHON a business card containing such data or from the employer of such a person), they could have been provided by the represented entity or obtained from publicly available sources, such as as public registers (e.g. the National Court Register).
2. MARATHON obtains personal data, in particular in the scope of:
• contact information (such as name, address of residence / stay / correspondence / business activity, e-mail and telephone number);
• business contact information (such as job title, department and institution name);
• needed to issue a VAT invoice (such as NIP, REGON);
• data concerning the User necessary to perform the contract concluded with MARATHON and to fulfill the legal obligations incumbent on MARATHON;
• the content you provide (such as photos, articles and comments).

IV. The method of processing personal data by MARATHON
1. MARATHON ensures control over the type and scope of personal data processed, the period and method of their processing, as well as the persons authorized to process them.
2. MARATHON makes every effort to protect the information and personal data it collects.
3. MARATHON ensures adequate administrative, technical and physical protection of personal data against accidental, unlawful or unauthorized damage, loss, modification, access, disclosure or use.
4. MARATHON stores personal data only as long as it is necessary to achieve the purpose for which the personal data was collected, unless otherwise provided for in applicable law.
5. MARATHON shall take measures to destroy or permanently disable the identification of personal data, if required by applicable law or if the personal data is no longer needed to achieve the purpose for which it was collected.
6. MARATHON declares that:
• it processes personal data in accordance with the law;
• collects personal data for specified, lawful purposes and does not subject it to further processing incompatible with these purposes;
• stores personal data in a form that permits the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing;
• processes personal data substantially correct and adequate in relation to the purposes for which they are processed.
7. Access to personal data is granted to: MARATHON, its authorized employees, associates and persons providing services to it. Access to personal data by the above-mentioned persons takes place only for the purpose and scope specified by MARATHON.
8. MARATHON and persons authorized to process these data apply technical and organizational measures ensuring protection of the processed personal data.

V. Purposes of personal data processing by MARATHON
1. Data collected by MARATHON may be used, inter alia, for the following purposes:
• provision of services or performance of contracts, in particular sales / delivery contracts, offered by MARATHON, their administration and communication by MARATHON; in the case of processing personal data of a person on whose request steps have been taken to conclude a contract with MARATHON or to perform a contract concluded with it pursuant to art. 6 sec. 1 lit. b; in the event of obtaining personal data for purposes related to the performance of a specific contract, MARATHON provides the data subject with detailed information regarding the processing of his personal data at the time of concluding such a contract;
• fulfillment of legal obligations incumbent on MARATHON, which result from the provisions regulating the provision of services or activities of MARATHON, in particular the provisions regulating road transport, transport and forwarding, as well as accounting and tax regulations (pursuant to Article 6 (1) (c) of the GDPR );
• conducting electronic and traditional correspondence; in the case of sending to MARATHON via e-mail or traditional correspondence not related to services provided by MARATHON or another contract concluded with MARATHON, the personal data contained in this correspondence are processed only for the purpose of communication and resolving the matter the correspondence relates to, which is a legitimate interest MARATHON (based on: Article 6 (1) (f) of the GDPR);
• conducting telephone contacts; in the case of contacting MARATHON by phone, in matters not related to the services provided by MARATHON or another contract concluded with MARATHON, MARATHON may request personal data only if it is necessary to handle the case to which the telephone contact relates, which is legally justified the interest of MARATHON (based on: Article 6 (1) (f) of the GDPR);
• monitoring: in the event of personal access to the premises administered by MARATHON, MARATHON processes personal data in the form of an image of natural persons in the form of video monitoring, which is a means of increasing security, the legitimate interest of MARATHON (pursuant to Article 6 (1) (a) of the Regulation) f) GDPR);
• collecting personal data in connection with the activities of MARATHON: in connection with its activities, MARATHON may also obtain personal data for other purposes, e.g. establishing and maintaining business contacts, which in each case will be based on the legitimate interest of MARATHON (legal basis: art. 6 (1) (f) of the GDPR).
• risk assessment and improvement of MARATHON’s operations (including the development of the services provided, communication management, analysis and improvement of its services), which is the legitimate interest of MARATHON pursuant to Art. 6 sec. 1 lit. f GDPR;
• assessing the interest in employment or using its services by MARATHON and contact regarding the possibility of employment or provision of services by MARATHON, which is the legitimate interest of MARATHON pursuant to Art. 6 sec. 1 lit. f GDPR;
• recruitment: in order to fulfill legal obligations related to the recruitment process (pursuant to: Article 6 (1) (c) of the GDPR); in order to recruit and conclude a contract with a candidate at his request (based on: Article 6 (1) (b) of the GDPR). As part of the recruitment processes, MARATHON expects the transfer of personal data (CV or curriculum vitae) only to the extent specified by law. If the candidate also provides other data not required by MARATHON in the recruitment advertisement, it is considered that he has consented to their processing (legal basis: Article 6 (1) (a), and such consent may be withdrawn by the candidate at any time, without affect the lawfulness of the processing carried out before its withdrawal. In the event that the submitted applications contain information inadequate to the purpose of recruitment,
• as required by law or in connection with pending legal proceedings or in connection with a request from a public authority (eg the Head of the Tax Office) to disclose information held by MARATHON, which is the legitimate interest of MARATHON within the meaning of Art. 6 sec. 1 lit. f GDPR, and in the event of a request from an authorized public authority, compliance with the legal obligation of MARATHON;
• ensuring compliance of processing with the provisions of personal data protection and internal MARATHON regulations in this regard, which is the legitimate interest of MARATHON within the meaning of Art. 6 sec. 1 lit. f GDPR;
• sending commercial information or direct marketing by phone only with the express consent of the User (in accordance with Art. 6 (1) (a) in conjunction with joke. 10 of the Act on the provision of electronic services and art. 172 of the Telecommunications Law).
2. Providing personal data is voluntary, but failure to provide it will make it impossible to achieve the objectives referred to above.
V. Period of personal data storage by MARATHON
1. Personal data will be kept by MARATHON for the period necessary to achieve the above-mentioned purposes, but not longer than required by the provisions of generally applicable law. The period of storage of personal data by MARATHON depends on the basis and purpose of their processing. MARATHON always informs about it before or during the collection of personal data.
2. MARATHON indicates that the personal data processed by MARATHON:
a) for the purpose of direct marketing, will be stored until the objection to the processing of this data is received.
b) on the basis of consent to the processing of this data, they will be stored until it is withdrawn.
c) With the use of cookies and similar technologies, they will be stored until they are deleted using the browser or device / device settings and object to their processing by the
User issuing an invoice) will be stored within the period required by these provisions, e.g. labor law, accounting law and tax law.
e) in order to provide services, including sales, they will be stored until MARATHON may establish, defend or pursue claims – in accordance with the generally applicable limitation periods for claims.

VI. Providing and entrusting the processing of personal data by MARATHON
1. MARATHON does not share, sell or disclose in any other way collected personal data, except for situations described in the Policy or when it results from generally applicable law.
2. MARATHON may entrust the processing of personal data to service providers acting on its behalf, in particular electronic, accounting, legal, courier and postal services related to the services provided by MARATHON.
3. MARATHON requires these service providers to comply with the law, to a high degree of privacy and security of personal data processed by them on behalf of MARATHON.

VII. Rights of persons whose data are processed by MARATHON
1. Within the limits of the law, the User has the right to access his personal data, in particular as a form of control over the processing of his personal data by MARATHON, in particular obtaining information about the purpose, scope and method of data processing.
2. Within the limits of the law, the User also has the right to change, supplement, rectify and update his personal data processed by MARATHON.
3. Within the limits of the law, the User also has the right to request deletion of his personal data processed by MARATHON.
4. If the processing of personal data is based on the consent of the User, he has the right to withdraw consent to the processing of his personal data by reporting it to MARATHON in any way. In such situations, MARATHON will adapt to the User’s decisions in relation to future activities, which means that the withdrawal of consent does not affect the lawfulness of the processing carried out before the consent is withdrawn.
5. The User has the right – in cases provided for by law – to request MARATHON to limit the processing of his personal data.
6. For reasons related to the specific situation of the User and within the limits of the law, the User has the right to object to the processing of his personal data by MARATHON based on the implementation of its legitimate interest.
7. Within the limits of the law, the User has the right to receive, in a structured, commonly used, machine-readable format, his personal data provided by MARATHON, and the right to send this personal data to another administrator without any obstacles on the part of MARATHON. However, MARATHON will only do so if such a message is technically possible. The right to transfer personal data applies only to the data processed by MARATHON on the basis of an agreement concluded with the User or on the basis of his consent.
8. The above rights may be exercised by sending an e-mail to the following address: rodo@emarathon.eu
9. If it is found that the processing of personal data by MARATHON violates the law, the User may submit a complaint to the supervisory body, in the case of the Republic of Poland – the President of the Personal Data Protection Office.

VIII. Cookies and analyzing software
1. Using the Website may require providing your data, such as information from cookies. Cookies contain little information and are downloaded to a computer or other device by the server operating the Website. The web browser used by the User sends them back to the Website each time the User uses it, thanks to which the server recognizes the User and remembers, for example, his preferences (visits or previous activities). However, cookies may collect information about the User (e.g. about the language, country and previously viewed pages) each time the Website is visited.
2. Marathon can use the so-called persistent cookies ”(persistent cookies). Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User.
3. By using the Website, the User may consent and freely modify the rules for placing the cookies described above on his device. The consent to the processing of “cookies” is voluntary. The User, even in the case of its initial expression, e.g. during the first visit to the Website, can, however, always control the installed cookies. However, deleting or blocking cookies may affect the way you use the Website, as some of its areas may become inaccessible.
4. The above control is performed using the browser settings. Information on modifying browser settings, blocking and filtering cookies can be found at: <aboutcookies.org>. Most often, the browser settings by default allow the placement of “cookies” on the end device. If the User does not agree to the saving of these files, it is necessary to change the settings of the web browser accordingly, including the referral contained in the cookie notification, which is displayed during the first visit to the Website. It is possible to disable the saving of “cookies” for all connections from a given browser or for a specific website, and also to delete them. The method of managing cookies depends on the software used,
5. MARATHON, its service providers and business partners collect certain information through automated means, such as cookies, while browsing the Site. The information collected in this way may include: IP address, browser type, operating system, visited URLs, as well as information on activities performed on the Website.
6. MARATHON uses persistent cookies only to test the functionality of the Website, also after the end of the session by the User. In the case of session files, they are stored until the end of a given User’s session.
7. MARATHON may use cookies used by Google Inc. 1600 Amphitheater Pkwy, Mountain View, CA 94043, United States as part of the services:
a) Google Analytics – they allow to assess the quality of advertising campaigns carried out using the Google Adwords service, as well as to study the behavior and traffic of Users and to prepare traffic statistics,
b) Google Maps – they allow for the storage of information about the User that allows the use of map functionalities available as part of the Google Maps service. Google Inc. may track the User’s location,
c) YouTube – they allow for the storage of information about the User, which enables the use of the functionality of the YouTube service. Google Inc. can track the playback of videos by the User.
Marathon recommends that you read the privacy policies of the above-mentioned entities to learn the rules of using cookies used in statistics: https://marketingplatform.google.com/about/.
8. For convenience and to provide additional information, the Website may contain links to websites administered by entities independent of MARATHON, eg Facebook, Instagram, LinkedIn, Twitter. They may have separate clauses or privacy policy. MARATHON encourages you to read their content. In relation to any sites linked from the Site that are not owned or controlled by MARATHON, MARATHON shall not be responsible for their content, use by the User, or any protection policies that apply to them. confidentiality of information.
9. Information about some of the Users’ behaviors is subject to logging in the server layer. These data are used to administer the website and to ensure the most efficient service provided. The browsed resources are identified by URL addresses. As part of the User’s use of the Website, information may be obtained on the time of arrival of the inquiry, time of response, name of the client’s station – in the case of identification carried out by the HTTP protocol, the URL of the page previously visited by the User (referrer link) – in the case of the Website was accessed via a link, information about the User’s browser and his IP address. Marathon points out that although it does not process this data for this purpose,

IX. Policy changes and updates
1. The Policy may be modified from time to time. The modifications are intended to take into account changes in the MARATHON practices regarding the handling of personal data and to strengthen the personal data protection system in MARATHON.
2. Significant changes to the Policy will be signaled by clearly visible messages posted on the MARATHON website. At the top of the page with the content of the Policy, there will be information about the date of its latest update.

X. Contact
The User may contact MARATHON at any time to obtain information on whether and how MARATHON uses or intends to use its personal data, as well as in case of any questions or comments about the Policy.