PRIVACY POLICY OF IDENTT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Introductory provisions

  1. The addressees of the privacy policy are only natural persons who contact PDC (Personal Data Controller) by phone, e-mail, including via the contact form, as well as establishing cooperation as an external entity.
  2. The Administrator of personal data is IDENTT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wrocław, Romana Dmowskiego St. 17, 50-203 Wrocław, Poland, entered into the register of entrepreneurs kept by the District Court for WROCŁAW FABRYCZNA IN WROCŁAW, VI ECONOMIC DEPARTMENT OF THE NATIONAL COURT REGISTER under the number KRS: 0000586371 (hereinafter referred to as "PDC or PDA").
  3. You can contact PDC in writing at the following address: Romana Dmowskiego St. 17, 50-203 Wrocław, Poland or by e-mail to the following address: kontakt@identt.pl, by phone: +48 572 651 741.
  4. PDA has appointed a Data Protection Officer, who can be contacted by phone: + 48 572 651 741 or e-mail: iod@identt.pl
  5. The Privacy Policy contains information on the processing by PDA of personal data of people using or representing entities using the services provided by PDA, including people visiting PDA websites, in particular the Website in the domain https://identt.pl or the PDO social profiles (called hereinafter "Customers").
  6. PDA attaches great importance to the protection of the privacy and confidentiality of personal data entered or provided by clients, and with due diligence selects and applies appropriate technical and organizational measures to protect the personal data being processed.
  7. Only persons duly authorized by PDA have full access to the databases. PDC protects personal data against disclosure to unauthorized persons, as well as against their processing in violation of applicable law.
  8. Visitors can browse websites on websites run by PDC without registering and providing personal data.

Legal grounds for the processing of personal data
Personal data is processed by PDC in accordance with the law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as "GDPR") in order to:

  1. establishing business relations, including answering questions asked in connection with contacting customers (pursuant to Article 6 (1) (f) of the GDPR as the implementation of the legitimate interest of PDA);
  2. conclusion and performance of the contract for the provision of services by PDC (pursuant to Article 6 (1) (b) of the GDPR);
  3. providing the newsletter service on the terms set out in the regulations regarding newsletter services (pursuant to Article 6 (1) (b) of the GDPR);
  4. fulfillment of the legal obligations incumbent on PDC regarding tax and accounting obligations (pursuant to Article 6 (1) (c) of the GDPR in connection with tax and accounting regulations);
  5. keeping social profiles and informing customers through them about the activity of PDC, promoting the brand, services, building and maintaining the community related to PDC, and for communication via the available functionalities (pursuant to Article 6 (1) (f) of the GDPR as the implementation of a legitimate PDA interest);
  6. marketing of PDA services (Article 6 (1) (a) of the GDPR (consent)
  7. direct marketing (Article 6 (1) (f) of the GDPR (legitimate interest of the administrator)
  8. using the website of the Website and ensuring its proper operation (Article 6 (1) (f) of the GDPR Regulation (legitimate interest of the administrator) - processing is necessary for the purposes of the legitimate interests of the Administrator - consisting in running and maintaining the website of the Website)
  9. keeping statistics and analyzing traffic on the Website (Article 6 (1) (f) of the GDPR Regulation (legitimate interest of the administrator) - processing is necessary for purposes resulting from the legitimate interests of the Administrator - consisting in keeping statistics and analyzing traffic on the Website. improving the functioning of the Website
Providing personal data is voluntary, however, the consequence of not providing data will be the inability to establish a commercial relationship with PDC or use PDC services.
Withdrawal of consent prevents further provision of services by PDC. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

Basic rules for the processing of personal data

  1. The PDC applies the principle of minimization by processing personal data expressed in the GDPR only to the extent necessary to achieve the purposes for which they are collected. The purposes of collecting Customers' personal data as clearly defined are based on the provisions of law. PDA does not process personal data in a manner inconsistent with these purposes.
  2. PDC implements the clients 'rights regarding their personal data in accordance with the law, including the correctness of the clients' personal data and immediately responds to any requests for rectification or updating of data.
  3. PDA restricts the storage of personal data in accordance with the law, only to the period necessary to achieve the purposes for which they are collected, unless there are reasons that allow the extension of the period of data storage.
  4. If personal data is shared with other entities, it is done in a safe, contractually secured or otherwise compliant with applicable law. This applies in particular to external processors with whom PDC cooperates and with whom it concludes a separate contract for entrusting the processing of personal data, which is an attachment to the cooperation agreement.

Rights of data subjects
The PDA customer whose personal data is processed has the following rights:

  1. The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Administrator to access his personal data, rectify it, delete ("the right to be forgotten") or limit processing and has the right to object to processing, and also has the right to transfer their data. Detailed conditions for the exercise of the above-mentioned rights are set out in Art. 15-21 of the GDPR Regulation.
  2. The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to art.6 par.1 lit.a) or art. 9 sec. 2 lit. a) of the GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
  3. The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Personal Data Protection Office.
  4. Right to object - the data subject has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data based on art. 6 sec. 1 lit. e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally valid grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims
  5. Right to object to direct marketing - if personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for such marketing purposes, including profiling, to the extent which processing is related to such direct marketing.
The exercise of rights may also be carried out by sending an e-mail to kontakt@identt.pl with an indication of a specific request, in addition, the first name, surname, e-mail address (e-mail) of the Customer must be provided, as well as the scope of personal data to which it relates indicated request.
The customer also has the right to lodge a complaint with the supervisory body if he considers that the processing of personal data by PDC violates the provisions of applicable law.

Recipients of personal data

  1. Customer data may be transferred to entities authorized to receive them under applicable law, including the competent judicial authorities.
  2. Personal data may also be transferred to trusted recipients, such as: carriers, an entity servicing accounting, partners providing technical services (developing and maintaining IT systems and websites).
  3. As a rule, personal data is not transferred to a third country / international organization. However, personal data may be transferred to a third country / international organization, in particular if it is necessary due to the service ordered by the Customer.
  4. If, as part of the processing, personal data will be transferred to recipients in third countries (outside the European Economic Area), PDA verifies whether these entities guarantee a high level of protection of personal data being processed. These guarantees result in particular from the obligation to use standard contractual clauses PDApted by the Commission (EU) in the Decision on standard contractual clauses for the transfer of personal data to data processors established in third countries. The transfer of data may take place on the basis of a decision on the appropriate level of protection taken by the European Commission or on the basis of standard contractual clauses or on the basis of the express consent of the data subject.

Other information regarding data processing

  1. Personal data will be kept only for the period necessary to achieve the specific purpose for which they were collected, and after its expiry for the period necessary to secure or pursue any claims or fulfill the legal obligation of PDA (resulting from tax or accounting regulations).
  2. Personal data processed for the purpose of marketing own products or services on the basis of a legitimate legal interest will be processed until the Customer submits an objection.
  3. PDA uses IP addresses collected during internet connections only for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the connection is made).
  4. PDA may process personal data in an automated manner, including in the form of profiling, however, automated processing will not lead to a decision that produces legal effects or similarly significantly affect the customer. This processing may affect the selection of displayed advertisements or the selection of products and services offered. The customer can receive special offers via personalized e-mail or internet advertising. PDC does not process personal data in a way that would involve making only automated decisions about the customer that have legal effects or similarly significantly affect him.

Cookies

  1. PDA uses cookies or similar technologies (hereinafter collectively: "cookies"), which should be understood as IT data, in particular text files, intended for the use of PDA websites and stored in the end devices of customers browsing the website. The information collected using cookies allows you to customize services and content to individual needs and preferences of users, as well as to develop general statistics on the use of websites by users. Data collected using cookies are collected only to perform specific functions for the benefit of customers and are encrypted in a way that prevents access by unauthorized persons.
  2. PDA uses, as a rule, two types of cookies - "session" and "permanent". Session cookies are temporary files that remain on the user's device until logging out, leaving the website or turning off the software (web browser). Permanent cookies are files that remain on the user's device for the time specified in the cookie parameters or until they are manually deleted by the user.
  3. The following types of cookies are used as part of PDA websites due to the necessity to provide services:
    1. necessary cookies, enabling the use of services available as part of the pages operated by PDA, in particular authentication cookies used for services that require authentication;
    2. cookies used to ensure security, in particular used to detect fraud in the field of authentication;
    3. performance cookies that enable the collection of information on how websites are used;
    4. functional cookies, enabling "remembering" the settings selected by the user and personalizing the user interface;
    5. advertising cookies, enabling the delivery of advertising content to users tailored to their interests.

Legal basis for the use of cookies

  1. The web browsing software (web browser) usually allows cookies to be stored on the end device by default. A customer browsing PDA websites may independently and at any time change cookie settings, specifying the conditions for their storage and access by cookies to his device. The above-mentioned changes to the settings can be made by the Customer using the web browser settings. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform about them each time cookies are placed on the Customer's device. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.
  2. By using the pages maintained by PDA, without changing the cookie settings, you consent to the storage of cookies. The customer can always withdraw consent by changing the cookie settings.

Release 1.1 (02.01.2022)