Privacy Policy for COTT Electronics Sp. z o.o. (www.cott.tv)

1. Introduction

COTT Electronics Sp. z o.o. ("we", "us", or "our") operates the website www.cott.tv. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and Polish data protection laws, including the Act on Personal Data Protection (Ustawa o ochronie danych osobowych) and the Act on Electronic Services (Ustawa o świadczeniu usług drogą elektroniczną).

Data Controller: COTT Electronics Sp. z o.o., Mikołaja Kopernika 30 / 11A, 00-336 Warszawa, Polska, KRS: 0001019972, NIP: 5252944045, REGON: 524484765.

2. Information We Collect

We may collect and process the following types of personal data:

2.1 Personal Identification Information:

• Name and surname
• Email address
• Phone number
• Company name (for business customers)
• Hotel name and number of rooms
• Job title and department

2.2 Billing and Payment Information:

• Billing address
• Payment card details (processed securely through PCI-DSS compliant payment processors)
• Invoice information
• Tax identification numbers (for business customers)

2.3 Technical Data:

• IP address
• Login data and authentication tokens
• Browser type and version
• Time zone setting and location data
• Browser plug-in types and versions
• Operating system and platform
• Device information

2.4 Usage Data:

• Information about how you use our website and services
• Pages visited and time spent on pages
• Interactions with features and content
• Service usage patterns and preferences
• Error logs and performance data

2.5 Marketing and Communications Data:

• Your preferences in receiving marketing from us
• Your communication preferences
• Subscription preferences for newsletters and promotional materials

2.6 Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our website and hold certain information. For detailed information about our use of cookies, please see Section 10 below.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract Performance (Article 6(1)(b)): To perform our contract with you and provide our IPTV services
• Legal Obligation (Article 6(1)(c)): To comply with legal obligations, such as tax and accounting requirements under Polish law (Ustawa o rachunkowości)
• Legitimate Interests (Article 6(1)(f)): For our legitimate business interests, such as improving our services, security, fraud prevention, and marketing (where permitted)
• Consent (Article 6(1)(a)): Where you have given clear consent for specific processing activities, such as marketing communications

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide and maintain our IPTV and cloud-based services for the hospitality industry
• Account Management: To manage your account, subscriptions, and user access
• Billing and Payments: For billing, payment processing, and invoice generation in compliance with Polish and EU financial regulations, including VAT requirements
• Customer Support: To provide customer service and support, including responding to inquiries, requests, and technical issues
• Service Improvement: To improve our website, services, and user experience through analytics and feedback
• Personalization: To personalize your experience and provide relevant content and recommendations
• Marketing: To communicate with you about our services, promotions, and updates (where you have provided consent or where permitted by law)
• Legal Compliance: To comply with legal obligations under Polish and EU law, including data protection, tax, and accounting requirements
• Security: To ensure the security of our services, prevent fraud, and protect against unauthorized access
• Dispute Resolution: To resolve disputes and enforce our agreements

5. Disclosure of Your Information

We may share your personal data with the following categories of recipients:

5.1 Service Providers: We work with third-party service providers who assist us in operating our website, conducting our business, or serving our users, including:

• Payment processors (subject to PCI-DSS compliance)
• Cloud hosting and infrastructure providers
• Email service providers
• Analytics and marketing service providers
• Customer support platforms

All service providers are bound by strict data processing agreements (DPAs) as required by GDPR Article 28, ensuring they process your data only in accordance with our instructions and applicable data protection laws.

5.2 Business Partners: We may share data with business partners, suppliers, and subcontractors for the performance of any contract we enter into with you, such as third-party IPTV content providers, under appropriate data processing agreements.

5.3 Legal Authorities: We may disclose your information to authorities and law enforcement officials if required by law, court order, or to protect our legal rights, in accordance with Polish and EU law.

5.4 Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity, with appropriate safeguards for your data as required by GDPR.

5.5 With Your Consent: We may share your information with other parties when you have given us explicit consent to do so.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by GDPR Chapter V

You can obtain more information about the safeguards we use for international transfers by contacting our Data Protection Officer.

7. Data Security

We implement a variety of technical and organizational security measures to maintain the safety of your personal information, in compliance with GDPR Article 32 requirements, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee training on data protection
• Secure data centers with physical security measures
• Regular backups and disaster recovery procedures
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

8. Your Rights Under GDPR

Under the GDPR and Polish data protection law, you have the following rights:

• Right of Access (Article 15): You have the right to access and obtain a copy of your personal data and information about how it is being processed
• Right to Rectification (Article 16): You have the right to request the correction of inaccurate or incomplete personal data
• Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected
• Right to Restrict Processing (Article 18): You have the right to restrict the processing of your personal data in certain cases, such as when the accuracy of the data is contested
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller
• Right to Object (Article 21): You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing purposes
• Right to Withdraw Consent: Where we rely on consent to process your data, you have the right to withdraw consent at any time
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, such as the Polish Data Protection Authority (UODO), if you believe your rights have been violated

To exercise any of these rights, please contact our Data Protection Officer at gdpr@cottelectronics.com. We will respond to your request within one month, as required by GDPR Article 12(3).

9. Data Retention

We will retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy, or as required by Polish and EU law. Our retention periods are based on:

• Contract Duration: Data related to active subscriptions is retained for the duration of the contract and for a reasonable period thereafter
• Legal Obligations: Billing and accounting information may be retained for up to 5 years to comply with Polish tax regulations (Ustawa o rachunkowości) and VAT requirements
• Legal Claims: Data may be retained longer if necessary for the establishment, exercise, or defense of legal claims
• Consent: Marketing data is retained until you withdraw consent or object to processing

When personal data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and GDPR requirements.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies in accordance with the Polish Electronic Communications Law (Ustawa Prawo telekomunikacyjne) and the ePrivacy Directive (Directive 2002/58/EC). We use the following types of cookies:

10.1 Essential Cookies: These cookies are necessary for the website to function properly and cannot be switched off. They are usually set in response to actions made by you, such as setting privacy preferences or filling in forms.

10.2 Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

10.3 Marketing Cookies: These cookies are used to track visitors across websites to display relevant advertisements.

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website. For more information about our use of cookies, please contact us.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly, in accordance with GDPR Article 8 and Polish law.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top of this Privacy Policy
• Sending you an email notification (where required by law or where we have your email address)
• Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Data Protection Officer:
Email: gdpr@cottelectronics.com
Phone: +48 22 1530505

Supervisory Authority:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish Data Protection Authority (UODO - Urząd Ochrony Danych Osobowych):