§1. Personal data controller
- The controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016. on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (RODO) is Łukasz Filipowski doing business under the name MindCode Łukasz Filipowski at the address Centralna 248, 32-048 Jerzmanowice, NIP: 5130258231, REGON: 382149482.
- Contact details of the data controller:
- telephone: +48 786 886 775,
- email address: firstname.lastname@example.org.
- Administrator in accordance with art. 32 par. 1 RODO, observes the principles of personal data protection and applies appropriate technical and organisational measures to prevent accidental or unlawful destruction, loss, modification, unauthorised disclosure or unauthorised access to personal data processed in connection with the conducted business activity.
- Providing personal data is voluntary, but necessary in order to establish cooperation and/or conclude an agreement with the data controller.
- The data controller processes personal data only to the extent necessary for the proper provision of services or to take action at the request of the data subject.
§2. Purpose and grounds for processing personal data
The controller processes personal data for the following purposes:
- prepare a commercial offer in response to the customer’s interest, which is a legitimate interest of the data controller (Article 6(1)(f) of the RODO);
- providing services electronically via the Website, on the basis of an agreement concluded (Article 6(1)(b) of the RODO);
- service of the complaint process, on the basis of the obligation incumbent on the data controller in connection with the applicable legal provisions (Article 6(1) lit. c RODO);
- accounting related to the issuance and acceptance of settlement documents, based on the provisions of tax law (Article 6(1)c of the DPA);
- archiving data for possible establishment, investigation or defence against claims or the need to prove facts, which is a legitimate interest of the data controller (Article 6 1(f) of the RODO);
- contact by telephone or email, in particular in response to enquiries made to the controller, which is a legitimate interest of the controller (Article 6(1)(f) RODO);
- sending technical information regarding the functioning of the Website and the services used by the Customer, which is a legitimate interest of the data controller (Article 6(1)(f) of the RODO);
- marketing of the data controller’s own products, which is its legitimate interest (Article 6(1)(f) of the RODO) or takes place on the basis of previously granted consent (Article 6(1)(a) of the RODO).
§3 Data recipients. Transfer of data to third countries
- The recipients of the personal data processed by the controller may be entities cooperating with the controller, when this is necessary for the performance of a contract concluded with the data subject.
- The recipients of personal data processed by the data controller may also be subcontractors – entities whose services are used by the data controller to process the data, e.g. accounting offices, law firms, entities providing IT services (including hosting services).
- The data controller may be obliged to disclose personal data on the basis of applicable law, in particular to disclose personal data to authorised state authorities or institutions.
- Personal data will not be transferred to an entity located outside the European Economic Area.
§4. Personal data retention period
- The data controller shall store personal data for the duration of the agreement concluded with the data subject and after its termination for purposes related to the assertion of claims related to the agreement, the performance of obligations arising from applicable laws, but for no longer than the period of limitation under the provisions of the Civil Code.
- The data administrator shall store personal data contained in settlement documents (e.g. invoices) for the period of time indicated by the provisions of the Goods and Services Tax Act and the Accounting Act.
- The data controller stores personal data processed for marketing purposes for a period of 10 years, but no longer than until you withdraw your consent to data processing or object to data processing.
- The data controller shall store personal data for purposes other than those indicated in paragraphs 1-3 for a period of 3 years, unless consent to data processing has been previously withdrawn, and data processing cannot be continued on any other basis than the consent of the data subject.
§5. Rights of the data subject
1. Every data subject has the right:
- access – to obtain confirmation from the controller as to whether his or her personal data are being processed. If data about a person are processed, he/she is entitled to access them and obtain the following information: about the purposes of the processing, the categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the period of data storage or the criteria for their determination, the data subject’s right to request rectification, erasure or restriction of processing of personal data and to object to such processing (Article 15 RODO);
- to obtain a copy of the data – to obtain a copy of the data undergoing processing, whereby the first copy shall be free of charge, and for subsequent copies the controller may charge a reasonable fee arising from the administrative costs (Article 15(3) RODO);
- to rectify – to request the rectification of personal data concerning her that is inaccurate or the completion of incomplete data (Article 16 RODO);
- to erasure – to request the erasure of his/her personal data if the controller no longer has a legal basis for processing them or the data are no longer necessary for the purposes of the processing (Article 17 RODO);
- to restrict processing – to request restriction of processing of personal data (Article 18 RODO) when:
– the data subject challenges the accuracy of the personal data – for a period allowing the controller to verify the accuracy of the data,
– the processing is unlawful and the data subject opposes their erasure by requesting the restriction of their use,
– the controller no longer needs the data, but they are needed by the data subject to establish, assert or defend a claim,
– the data subject has objected to the processing – until such time as it is established that the legitimate grounds of the controller override the grounds of the data subject’s objection;
- to data portability – to receive in a structured, commonly used machine-readable format the personal data concerning him/her which he/she has provided to the controller, and to request that these data be sent to another controller, where the data are processed on the basis of the data subject’s consent or a contract concluded with him/her and where the data are processed by automated means (Art. 20 RODO);
- to object – to the processing of his/her personal data for the legitimate purposes of the controller, on grounds relating to his/her particular situation, including profiling. The controller shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the controller shall be obliged to cease processing for these purposes (Article 21 of the RODO).
- To exercise the aforementioned rights, the data subject should contact, using the contact details provided, the controller and inform him/her of which right and to what extent he/she wishes to exercise.
- The data subject shall have the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection in Warsaw.
§6 Automated decision-making. Profiling
Personal data will not be processed by automated means or through profiling.
§7. Google Analytics
- Administrator uses Google Analytics, a web analytics service provided by Google Inc. („Google”), USA.
- The data will not be used to identify any individual.
- The user can prevent the storage of cookies through appropriate browser settings; however, in this case, the user will not be able to use the full functionality of the website. Furthermore, users may prevent the collection by Google of the data generated by the cookie and relating to their use of the website (including their IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=pl.
- You may object at any time to the collection and processing of data relating to your use of the Google website by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
§8. Facebook pixel
- Administrator uses Facebook Pixel, an analytics tool that helps measure the effectiveness of ads based on analysis of actions taken by users on the site.
- Administrator uses Facebook’s Pixel tool in order to target the Client with personalised advertising on Facebook. This involves the use of Facebook cookies. The legal basis for the Administrator’s use of the Facebook Pixel tool is Article 6(1)(f) of the RODO.
- Administrator uses the HotJar analytics tool, which tracks user behavior undertaken on the Administrator’s websites.
- HotJar collects non-personal data, including standard internet protocol data and behavioural patterns, when a user visits a site. This is to enhance user experience, determine preferences, diagnose technical problems, analyse events and improve the website. The following information is collected in relation to your device and browser: your device’s IP address (this is collected and stored anonymously), screen resolution, device type (device identification elements), operating system and browser type, geographical location (country only), preferred language when viewing the website. The following information is collected in relation to user interaction: mouse operation (movements, position and clicks), keyboard input.
- HotJar also collects login data collected by the website randomly: indicating domain, pages visited, geographical location (country only), preferred language, date and time when pages were viewed.
- Visiting https://www.hotjar. com/opt-out and clicking „Disable HotJar,” the user can at any time reject the collection of their data through HotJar when visiting the website.