PERSONAL DATA ADMINISTRATOR
The administrator of Personal Data is Inventia Sp. z o. o. with its registered office in Warsaw (02-822), ul. Poleczki No. 23, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0000023113, with a share capital of PLN 50,000, NIP 9512017534, REGON 017311391, hereinafter referred to as the "Administrator".
SCOPE OF PROCESSED DATA
Personal data means information about a specific or identifiable natural person (the website user).
This includes direct information about you, such as:
- name and surname;
- e-mail address;
- company name;
- company address;
- VAT ID number;
- telephone number;
- IP address.
PURPOSE OF DATA PROCESSING WITH LEGAL BASIS
Your data may be processed by the Administrator based on:
- Necessity to perform the contract or to take action before its conclusion (Article 6(1)(b) of the GDPR), including consideration of complaints or handling of the User Account.
- consent (Article 6(1)(a) of the GDPR), in order to:
- provision of the newsletter service;
- using the contact forms on the website;
- conducting the Administrator's marketing;
- sending surveys regarding the Administrator's products or services;
- sending surveys to measure customer satisfaction;
- the Administrator's legitimate interest (Article 6(1)(f) of the GDPR), in order to:
- defense against possible claims, where the Administrator's legitimate interest is to pursue or defend claims;
- creating a list of contractors.
We process your data only if you give your consent or to the extent permitted by law. On the website, we do not collect or process identification data to transfer or sell them to third parties for marketing purposes, and we do not send messages on behalf of third parties.
Personal data may be transferred to entities processing them at the request of the Administrator based on contracts concluded with the Administrator, but only for the purpose and to the extent necessary to achieve the purposes listed in the paragraph PURPOSE OF DATA PROCESSING WITH LEGAL BASIS, and such entities process data only following the Administrator's instructions.
If the transfer of personal data to an external service provider is necessary for the implementation of the above purposes, the Administrator will ensure, using appropriate technical and organizational measures, the compliance of personal data processing with the provisions of the law on the protection of personal data (GDPR). In addition, the Administrator will oblige external service providers to comply with applicable data protection laws, to maintain the confidentiality of such personal data, and to delete them without undue delay when they are no longer needed.
Personal data may be transferred to the following recipients or categories of recipients:
- service providers supplying the Administrator with technical, IT, and organizational solutions, enabling the Administrator to run a business, including a website (in particular, e-mail and hosting providers, marketing activities, sending the Newsletter, and providing technical assistance to the Administrator);
- marketing service providers - marketing agencies providing the Administrator with support in marketing activities;
- providers of accounting, legal, advisory, and translation services providing the Administrator with accounting, legal, advisory, or translation support (in particular an accounting office, law firm, or translation agency).
We may transfer data to entities in countries based outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) that act on behalf of the Administrator as an entity processing data on commission (e.g. IT service providers or computing centers ).
Then the Administrator verifies whether a decision of the EU Commission on the appropriate level of data protection applicable there is available for a given country. If no adequacy decision by the EU Commission is available for a particular country, we enter into contracts following the EU Data Protection Guidelines which ensure that your rights and freedoms are adequately protected and guaranteed. In addition, we do not transfer personal data to other countries outside the EU or EEA or to international organizations.
SOCIAL MEDIA PLUGINS
Personal data is only transferred to social networks when you take the active action of clicking on the relevant page element containing a link to social media. After clicking on the link, the web browser will start connecting to the servers of the given social networking site, and you will be redirected to the website of the external service provider, i.e. the owner of the given social networking site. At the same time, the web browser will establish a direct connection with the servers of the selected social networking site. The use of these features may involve the use of third-party cookies. From the moment you click on a given link, personal data is processed on the social networking site, and the owner of the social networking site becomes a co-administrator of personal data. The Administrator informs that from the moment of actively clicking the plug-in button, the Administrator does not influence the nature and scope of personal data collected by the owner of a given social networking site.
The data is sent regardless of whether you have an account on a given social network or whether you are logged in. If you are logged in to a given social platform, the collected personal data will be directly assigned to the account (profile) used.
If you are a user of a particular social network and you do not want that social network to collect data through this website or application and combine this data with member data stored on the social network, please log out of the social network before visiting the website or application.
Details on individual privacy policies are available here:
YouTube: YouTube Privacy Settings - How YouTube Works
DATA STORAGE PERIOD
Personal data provided to us by you will be stored for the period required for the purposes for which they were collected or resulting from the law.
To implement the rights described below, please contact email@example.com.
The right to access your data
You have the right to obtain information about the personal data we hold about you, including a copy of this data.
The right to correction of the user's data
You have the right to request correction of your data that is incorrect. Taking into account the purposes of the processing, you have the right to request supplementation of incomplete personal data, including by submitting an additional statement.
The right to delete your data
You have the right to request the erasure of your data stored by us in the following cases:
- Your data are no longer necessary for the purposes for which they were collected;
- You have withdrawn your consent on which the processing is based and there is no other legal basis for the processing;
- You have objected to the processing and there are no overriding legitimate grounds for the processing;
- Personal data has been processed unlawfully;
- Personal data must be deleted to comply with a legal obligation provided for in European Union or national law;
- Personal data has been collected in connection with the offering of information society services referred to in art. 8 sec. 1 GDPR.
Right to data portability
You have the right to receive, in a structured, commonly used, readable format, personal data concerning you that you have provided to us if the processing of such data is based on consent or a contract and in an automated manner. If you request that these data should be sent to another data controller, this will be done, provided that it is technically possible.
The right to limit the processing of user data
You have the right to request that the processing of your data be restricted in the following cases:
- You question the correctness of the personal data - for a period enabling us to check the correctness of this data;
- The processing is unlawful and you oppose the deletion of personal data, requesting the restriction of their use instead;
- We no longer need your data for the processing, but you need them to establish, pursue or defend claims;
- You have filed an objection according to Art. 21 sec. 1 regarding processing - until it is determined whether the legitimate grounds on the part of the administrator override the grounds for objection.
The right to object to the processing of your data
If your data is processed based on the legitimate interest of the Administrator, you have the right to object to the processing at any time, following Art. 21 GDPR.
The right to withdraw consent to the processing of the user's data
You have the right to withdraw your consent to the processing of personal data at any time. Revocation of consent to the processing will not affect the lawfulness of the processing that was carried out before its withdrawal.
The right to report violations of the provisions of the GDPR
The security of personal data is our priority, however, if you consider that by processing your data we violate the provisions of the GDPR, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
The Administrator may automatically adjust certain content to your needs, i.e. perform profiling, using the personal data provided by you. If profiling could result in making decisions that have legal effects on you or affect you in a similarly significant way, the Administrator will carry them out only if you consent to it.
The Administrator has implemented generally accepted standards of technical and organizational security to protect personal data and information against loss, misuse, change, and destruction. In particular, we ensure compliance with all relevant confidentiality obligations and technical and organizational security measures to prevent unauthorized and unlawful disclosure and processing of such information and data and their accidental loss, destruction, or damage. Only authorized employees or associates of the Administrator who have committed to keeping the data confidential have access to personal identification data.
The administrator tries to ensure that data processing is based on the following rules:
- Lawfully, fairly, and transparently;
- Collected for specific and legitimate purposes and not further processed in a manner inconsistent with these purposes;
- Adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed;
- Correct and update as necessary;
- Kept in a form that allows identification of the data subject for a period not longer than it is necessary for the purposes for which the data is processed;
- Processed in a manner that ensures adequate security of personal data;
- Kept and processed in a manner that ensures the implementation of the rights that data concerns.
Your data is stored by the Administrator in a secure operating environment, without public access to it. It is a relational database hosted in the cloud of Amazon Web Services, Inc. within the European Union. User data is secured and passwords are encrypted.
The Regulations come into force on 01-03-2023.