Performing the information obligation in the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016. Please be advised that the administrator of your data is Auto.Social with headquarters in Barrow-in-Furness, Cumbria LA14 1NB (UK).
2. The controller of personal data of Users and Service Providers pursuant to the provisions of the Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation (hereinafter referred to as: ("GDPR") Auto.Social.. with its registered office in Gdynia (81-356), ul. Starowiejska 16/2, (hereinafter referred to as the "Data Controller").
3. The User and the Service Recipient are entitled to access, rectify and update their personal data as well as to restrict their processing to the extent specified in Articles 16-18 of the GDPR. For that purpose, please contact Customer Service Centre or ticket sales office by phone: 0161 638 3695 or e-mail: .
4. The provision of personal data of the User and Service Recipient is voluntary, yet indispensable for the implementation of objectives mentioned in point 5 below by the Data Controller.
5. Personal data of Service Recipients and Users are processed by the Data Controller only to the extent necessary for the following purposes: a. provision of services available via https://auto.social/ including registration, access to user panel and usage of services;
b. handling of the complaint procedure and the claim pursuance procedure if necessary;
c. marketing of the Administrator's products/services;
d. dispatch of the newsletter;
e. performance of the services relating to Auto.Social products in favour of the User;
f. exercise the rights and duties resulting from the participation in the loyalty programs;
g. ensure compliance with the provisions on the protection of personal data, in particular the GDPR;
h. implementation of duties by the Data Controller pursuant to the binding provisions law.
6. Personal data of Service Recipients and Users shall be stored for a period not longer than necessary for the purpose for which they were collected.
7. The Data Controller may transfer personal data of Service Recipients and Users to other persons, authorities, institutions and carriers that are authorised to receive such information in connection with applicable legal provisions and international agreements, or when such transfer of data is necessary for the fulfilment of legally justified goals being pursued by the Data Controller or data recipients.
8. On the basis of the written agreement concluded in compliance with Article 28 of the GDPR, the Data Controller shall be entitled to entrust the processing of personal data of Service Recipients and Users to entities providing hosting and newsletter services to the Data Controller for the purpose of activities related to the hosting, administration, maintenance and management of https://auto.social/. The Controller may, in a manner mentioned in the preceding sentence, entrust the processing of personal data of Service Recipients to other entities that also effect the guarantees in compliance with the right to process, and in the event when it is necessary to perform the duties of the Data Controller resulting from the binding provisions of law or agreement.
9. The Data Controller assures that it makes every effort to process personal data with highest regard for the privacy of persons whose data are processed and with highest care for the safety of processed personal data. In particular, the Data Controller assures that it has undertaken any legally available measures aimed at the protection of data collections to be processed by it, including in particular:
a. use of technical and organisational measures ensuring the protection of processed personal data relevant to threats and categories of protected data;
b. protection of data against their disclosure to unauthorised persons, appropriation by an unauthorised person, unlawful processing and amendment, loss, damage or destruction;
c. keeping of documentation describing the manner of data processing and the measures referred to above;
d. data may be processed only by persons authorised by the Data Controller;
e. ensuring the control of what data are entered into the collection, when and by whom and to whom they are transferred;
f. keeping of a record of persons authorised to process personal data.
10. The Data Controller uses particularly the following measures that prevent unauthorised persons from obtaining access to information and personal data being processed via https://auto.social/:
a. Cryptographic measures (VPN tunnel and encrypted SSH connection);
b. Authentication by means of RSA and DSA keys.
11. Special threats related to the use of a service provided by electronic means: obtaining of unauthorised access to information concerning the Service Recipient or the User.
12. Personal data may be transferred to countries outside the European Economic Area (EEA) in compliance with the principles outlined in Chapter 5 of the GDPR.
To contact the Data Controller, send an e-mail to: