(current as of 01.06.2020)
I. GENERAL INFORMATION
II. PERSONAL DATA CONTROLLER
The Administrator of personal data is Webini sp. z o. o. with its registered office in Wrocław, ul. Szybowcowa 31, 54-130 Wrocław (Poland), entered into the Register of Entrepreneurs of the National Court Register, whose files are kept by the District Court in Wrocław, VI Commercial Department of the National Court Register, under the following KRS number: 0000609484, NIP: 8943075719, REGON: 36406892900000, hereinafter referred to as “Administrator“.
The Administrator is committed to protecting the privacy and confidentiality of the personal data of the users of the Site (“Users”) and carefully selects and applies appropriate technical and organizational measures to ensure the protection of personal data processed. The Administrator protects personal data from being made available to unauthorized persons, as well as from being processed in violation of applicable laws.
The controller shall process information about the User in accordance with the law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: GDPR).
The Administrator shall be entitled to process personal data belonging to the collections of third parties that have been made available to the Administrator exclusively on the basis of an entrustment agreement.
III. SCOPE, LEGAL BASIS AND PURPOSES OF PROCESSING PERSONAL DATA
We also process data about your activity in the Service, such as number of interactions with particular functions, amount of time spent in the Service, date and time of using the Service, technical information about the device through which you use the Service, ID of this device, its location. These data are processed for statistical purposes and in order to improve the quality of services and functionalities available in the Service, which constitutes a legitimate interest of the Administrator (Article 6(1)(f) GDPR).
Defence against and recovery of claims
Your data may be processed for the purpose of the Administrator’s defense against any possible claims or for the purpose of the Administrator’s asserting any claims related to your use of the Service – in such a case, the legal basis for data processing is the legitimate interest of the Administrator, consisting in the possibility of defending against claims or asserting claims (Article 6(1)(f) GDPR).
Processing in connection with an enquiry
Your data, which you provide to the Administrator for this purpose, may be processed in order to answer a question or solve a problem related to the use of the Service – in such a case, the legal basis for processing the data is the legitimate interest of the Administrator, consisting respectively in the necessity to answer your inquiry (Article 6(1)(f) GDPR).
Processing for the purpose of fulfilling the legal obligation imposed on the Administrator
In some cases, we will have to process your data because we are required by law to do so. This will apply, for example, in the case of settlement of any services provided against payment or when we will deal with your complaint regarding the services available within the Service. In such cases the basis for processing will be (Article 6(1)(c) GDPR)
IV. THE RETENTION PERIOD FOR PERSONAL DATA
The personal data processed to respond to your inquiry will be processed for the period necessary to process your inquiry. If certain messages may constitute or constitute evidence in proceedings before a court or other authority, they will be kept until the end of the statute of limitations on possible claims or until the legal termination of proceedings, if any, is initiated, whichever is later.
The data that will be processed in order to fulfil the obligation imposed on the Administrator under the law will be stored until this obligation is fulfilled, unless the law requires further storage of such data.
The data processed for the purpose of the legitimate interest of the controller, in particular statistical and analytical data, shall be processed until the User effectively opposes their processing.
The data processed for the purpose of sending the newsletter will be stored until you withdraw your consent to the processing of data for this purpose.
Data will also be deleted when they are no longer necessary for the purposes for which they were collected. However, the information necessary to prove that the User has agreed to process the data for a specific purpose will be processed for a period of 3 years from the date of completion of the processing of these data.
V. SHARING DATA WITH OTHERS. RECIPIENTS OF THE DATA.
In order to protect your personal data against accidental or unlawful disclosure to unauthorized persons, taking away by unauthorized persons, destruction, loss, damage or alteration, and processing not in compliance with the law, the Administrator uses technical and organizational measures to protect data processing.
All personal data processed by the Administrator can be accessed only by authorized employees or collaborators of the Administrator and external entities providing particular services to the Administrator related to the Service, to whom these data have been entrusted and which have been obliged to keep secret all personal data of Users to whom they have access. Your data made publicly available within the Service may be visible by other Users.
Your data may be entrusted to trusted partners of the Service, a list of which can be found below:
Personal data of the Service users may be made available to entities entitled to receive them under the applicable law, including competent state authorities.
VI. USER RIGHTS
The user who provided personal data has the following rights:
- access to your data,
- to correct the data,
- modification of data,
- restriction of data processing,
- deletion of data,
- transfer of data, processed by automated means on the basis of the user’s voluntary consent, or processed by automated means if their processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract.
The User also has the right to object to the Administrator’s processing of personal data at any time when:
- this processing is for the purpose of direct marketing – if you exercise this right, we will immediately stop processing your personal data for this purpose,
- this processing is carried out in order to pursue the Administrator’s legitimate interest – if the User exercises this right, we will immediately cease processing his or her personal data unless we can demonstrate that there are valid legal grounds for further processing overriding the interests, rights or freedoms indicated by the User.
If the User uses one of the above rights, the Administrator shall immediately take action to remove any inconsistencies in the processing of personal data.
Furthermore, if the processing of personal data is based on consent, the User is entitled to withdraw consent to the processing of personal data. Consent may be withdrawn at any time, without prejudice to processing activities carried out before withdrawal of consent.
In order to exercise the rights referred to above, you may contact the Administrator by e-mail at the e-mail address email@example.com, or by post at the address:
Webini sp. z o.o.
ul. Szybowcowa 31,
Moreover, the User has the right to lodge a complaint with the supervisory authority (the President of the Office for the Protection of Personal Data) if he considers that the data processing by the Administrator violates the provisions of the applicable law, in particular the provisions of the GDPR.
Data contained in cookies will be stored for the period of the life cycle of these files on your device.
This website uses features offered by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) which may analyse certain information about you.
Google LLC is headquartered in the USA and uses an IT infrastructure located in the USA to process data, but has joined the EU-US-Privacy Shield programme. This means that Google has committed itself to ensuring that the level of protection of personal data required by the GDPR is adequate.
The processing of data within the scope of Google services takes place according to the following rules.
Google Web Fonts
The website uses the Web Fonts offered by Google. This means that your browser reads the relevant Web Fonts into the cache for the correct display of texts and fonts. This requires your browser to establish a connection with Google servers. As a result of this connection, Google obtains information that your IP address has been used to access the Service.
We use Google Web Fonts to maintain the visual uniformity of the Service, which results in greater readability for the recipient. The legal basis for making the IP address available is therefore our legitimate interest (Article 6(1)(f) of the GDPR).
Google Tag Manager
W ramach Serwisu używamy także Google Tag Manager, dzięki któremu zarządzamy prowadzonymi przez nas kampaniami reklamowymi. W związku z powyższym, gdy odwiedzasz nasz Serwis w Twoim urządzeniu pozostawiany jest plik cookie firmy Google, który na podstawie analizy odwiedzanych przez Ciebie witryn internetowych personalizuje reklamy, a także umożliwia monitorowanie efektywności tych reklam oraz analizę innych działań związanych z Twoją aktywnością w ramach Serwisu.
Processing of data by Google will only take place if you have given Google your consent to use your browsing history or use of applications and other information collected within your Google Account to personalize advertisements displayed on websites. This means that if you visit our Site while signed in with your Google Account, Google will use your information in a temporary connection with Google Analytics data to create target group lists for remarketing purposes.
You can deactivate the cookies used by Google for remarketing purposes at any time in the settings of your Google account: https://adssettings.google.com or from the relevant Website settings.
The basis of data processing within the Google Tag Manager service is our legitimate interest in optimizing the Service and marketing our products or services.
As part of the cookie settings on the Website or in your browser, you may not consent to the collection of the above data about you. Alternatively, you can install a browser plug-in at your address: https://tools.google.com/dlpage/gaoptout
The basis for the processing of data within the framework of Google Analytics is our legitimate interest in being able to create statistics for the improvement of the Service.
B. Facebook Pixel
As part of the Service we use marketing tools offered by Facebook Pixel service provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA.
Facebook Inc. is based in the USA and uses an IT infrastructure located in the USA to process data, but has joined the EU-US-Privacy Shield programme. This means that Facebook has committed itself to ensuring an adequate level of personal data protection as required by the GDPR.
Facebook Pixel tool allows you to personalize your behavior on the site, advertising on Facebook. Facebook Pixel collects information about your use of our website and the information thus collected may be transferred to Facebook servers in the USA.
The basis for the processing of data within the Pixel Facebook service is our legitimate interest in the optimisation of the Service and the marketing of our products or services.
As part of the Website’s cookie settings, you can decide that you do not agree to our use of Facebook Pixel in your case.
The service uses Mouseflow. This is an online analysis tool offered by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, which registers randomly selected individual visits to the Service (with a pseudonym of the IP address) and creates a register of mouse movements and clicks. The purpose of collecting this data is to randomly sample individual visits to the website. In order for us to use this service to improve the Service for the user’s reception (UX), which constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR, which also constitutes the legal basis for our processing of this data.
However, you can oppose the analysis with Mouseflow at any time by downloading and installing the opt-out cookie available at the following link: www.mouseflow.de/opt-out/
IX. USER AND CHILD DATA SECURITY
The Administrator undertakes to apply appropriate technical measures to achieve the highest possible level of security with regard to the User’s personal data, trying to prevent unauthorized access to the data.
The Administrator shall undertake to protect the data against accidental or unlawful access, destruction, loss, damage, alteration and processing in breach of the applicable law.
The Administrator declares that he will not knowingly collect and process personal data from persons under 16 years old without first obtaining the consent of their parents or other legal representatives.
If the Administrator receives information that he has unknowingly obtained personal data of a person under 16 years of age, the Administrator undertakes to immediately take action to stop processing the data and to delete them.
X. FINAL PROVISIONS
If you have any doubts about the content of this Policy, you can obtain an explanation by contacting us by e-mail at firstname.lastname@example.org or by mail at the address:
Webini sp. z o.o.
ul. Szybowcowa 31,