1. DEFINITIONS

1.1. Controller or Pergamin – Pergamin sp. z o.o. based in Wrocław, ul. Robotnicza 42A,
53-608 Wrocław.

1.2. Personal data – information about a natural person identified or identifiable by one or
more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected via cookies and other similar technology.

1.3. Customer – a User using the Application to whom the Controller provides the service of access to the Application for a fee, on the terms described in the Terms and Conditions.

1.4. Policy – this Privacy Policy.

1.5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.6. Application – a web application provided by the Controller, available at www.my.pergam.in.

1.7. User – any natural person who has an Account in the Application, using one or more services or functionalities of the Application described in the Policy.

1.8. Other terms written in the Policy with a capital letter, are not defined in points 1.1. to 1.7. above, is given a meaning consistent with the definition adopted in the Terms and Conditions.

1.9. The provisions regarding the processing of Users’ Personal Data also apply to the Controller’s clients.

2. Data processing in connection with the use of the Application

2.1. In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide services electronically, as well as information about the User’s activity in the Application. Detailed rules and purposes for processing Personal Data collected when
the User uses the Application are described below.

3. Purposes and legal basis for data processing in the Application

USER REGISTRATION AND USE OF THE APPLICATION

3.1. Persons who register an Account in the Application are asked to provide the Personal Data necessary to create and operate the Account. Providing this data is required to create and operate an Account in the Application, and failure to provide it results in the inability to create an Account and use the Application.

3.2. Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Controller for the purpose of:

3.2.7. in order to provide services related to maintaining and operating an Account in the Application, including the use of a free (test) Account, and in the event of submitting a complaint – also for the purpose of considering it – the legal basis for processing is the necessity of processing to perform the contract (Article 6(1) letter b GDPR);

3.2.8. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyzes of Users’ activity and method of using the Account, as well as Users’ preferences in order to improve the functionalities used, such as also improving the quality of services provided, including developing the functionality of the Application, as well as User satisfaction surveys;

3.2.9. in order to possibly determine and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of his rights;

3.2.10. for marketing purposes of the Controller and other entities – the principles of processing Personal Data for marketing purposes are described in the MARKETING section.

3.3. The User’s activity in the Application, including his/her Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information on events and activities related to the IT system used to provide services by the Controller). The information collected in the logs is processed
primarily for purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in providing and improving the
functionalities offered to Users.

3.4. In the event of concluding an agreement for the provision of services related to the use of functionalities available in the Application (creating, storing and signing Documents), the Controller processes this data on behalf of and for the benefit of the User, acting as a processor. Detailed conditions regarding the processing of personal data in connection with the provision of such services by the Controller are specified in the Terms and Conditions and in the Data Processing Agreement.

USE OF THE APPLICATION BY THE CUSTOMER

3.5. In the case of a User who is a Customer, the Personal Data of this Customer are processed – except for the situations referred to in the Section 3.1. – 3.3. above – also in order to fulfill the legal obligations incumbent on the Controller under generally applicable legal provisions, primarily in the scope of documenting the sale and delivering the sales document in connection with the contract concluded with the Controller, the obligations of which are referred to in particular in the accounting and tax law (Article 6(1)(c) of the GDPR).

3.6. In connection with concluding contracts for the provision of services related to the use of functionalities available in the Application (creating, storing and signing Documents) as part of its business activities, the Controller obtains from Customers data of persons involved in the implementation of such contracts (e.g. persons authorized to contact, persons representing the parties to the Document, etc.). The scope of data transferred is in each case limited to the extent necessary to perform the contract for the provision of services related to the use of functionalities available in the Application and usually does not include information other than name and surname and business contact details. Such Personal Data is processed in order to implement the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in enabling the correct and effective performance of the contract.

NEWSLETTER

3.7. By completing the registration form, the User may also wish to receive a newsletter containing marketing information about the Controller’s activities. In such a case, the Personal Data provided by the User as part of the application form, including name and e-mail address, will be processed by the Controller in order to send a newsletter containing commercial information about the Controller’s activities. Providing this data is necessary to send the newsletter, and failure to provide it results in the inability to receive it.

3.8. Personal data is processed for the purpose of:

3.8.7. enabling the User to become acquainted with the Controller’s current offer included in the newsletter – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the implementation of the Controller’s marketing activities in the form of sending e-mail notifications to Users about interesting offers or content in connection with subscription to the newsletter;

3.8.8. possible determination and pursuit of claims or defense against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the defense of its economic interests.

4. DIRECT MARKETING

4.1. The Controller processes Users’ personal data in order to carry out marketing activities, which may consist in conducting activities related to direct marketing of own goods and services (sending commercial information by electronic means and telemarketing activities).

4.2. In such a case, the User’s Personal Data is processed in order to send marketing content to him through various channels, i.e. via e-mail, MMS / SMS or via telephone calls. Such actions are taken by the Controller only if the User has consented to them. The User may withdraw any of the consents granted at any time, e.g. by contacting
the Controller using the contact details indicated in Section 13 of the Privacy Policy.

5. Cookies and similar technology

5.1. Cookies are small text files installed on the User’s device. Cookies collect information that facilitates the use of the Application – e.g. by remembering information about the User, e.g. regarding logging in or language preferences. The Controller of data processed in connection with the use of cookies is Pergamin sp. z o.o. based in Wrocław. In the Application, the Controller uses its own files, which are installed directly by the Website. Third-party cookies- which are cookies from a domain other than the domain of the website being visited – are also used, primarily for the Controller’s analytical and advertising activities.

5.2. The Application uses cookies primarily to ensure the proper functioning of the website, remembering the User’s choices on the website – and if the User gives appropriate consent – also to analyze and track traffic in the Application.

5.3. Below you will find detailed information about the cookies that the Controller uses in the Application. The Controller regularly uses tools to scan the Application to determine what cookies are stored on the User’s device, so that the list of cookies used is as accurate as possible. The Controller uses the following categories of files: necessary, functional and analytical.

NECESSARY COOKIES

5.4. The Controller’s use of necessary cookies is necessary for the proper functioning of the Application. These files are installed in particular for the purpose of remembering login sessions or filling out forms, as well as for purposes related to setting privacy options.

5.5. The legal basis for data processing in connection with the use of essential cookies is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR).

5.6. If the User wants to obtain more information about individual files from this category, i.e. the name of individual cookies, description of operation, validity period and origin, click the “Manage cookies” button located in Section 7 of the Privacy Policy or the button with the same content available in footer of each subpage of the Application.
When the cookie banner appears, select the “Cookie settings” button and then expand the “Necessary cookies” list, then the “Details” button below.

FUNCTIONAL AND ANALYTICAL COOKIES

5.7. Functional cookies are used to remember and adapt the Application to the User’s choices, including: in terms of language preferences. Functional cookies may be installed by the Controller and its partners via the Application.

5.8. Analytical cookies enable obtaining information such as the number of visits and traffic sources to the Application. They are used to determine which pages are more or less popular and to understand how Users move around the Application by maintaining statistics on traffic within the Application. Data processing is carried out in order to improve the performance of the Application. The information collected by these cookies is aggregated and is not intended to identify you. Analytical cookies may be installed by the Controller and its partners via the Application.

5.9. The legal basis for the processing of Personal Data in connection with the use of functional and analytical cookies by the Controller is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in ensuring the highest quality of services provided in the Application, in connection with the User’s expressed consent to saving them (separate for analytical files, separate for functional files).

5.10. The processing of Personal Data in connection with the use of functional and analytical cookies depends on obtaining the User’s consent to the use (separately) of functional and analytical cookies via the cookie consent management platform. This consent may be withdrawn at any time via this platform.

5.11. If the User wants to obtain more information about individual files of these categories, i.e. the name of individual cookies, description of operation, validity period and origin, click the “Manage cookies” button located in Section 7 of the Privacy Policy – “Manage cookies” or the button with the same content available in the footer of each subpage of the Application. When the cookie banner appears, select the “Cookie
Settings” button and then expand the “Analytical Cookies” or “Functional Cookies” list, then click the “Details” button under each list.

6. ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS

6.1. The Controller and its Partners may use various solutions and tools for analytical and marketing purposes. Currently, the Controller does not use the Partners’ analytical and marketing tools in the Application. If the Controller engages Partners for this purpose, their list will be available in this section of the Privacy Policy along with a description of basic information about these tools. Detailed information in this regard
can be found in the privacy policy of a given partner.

7. MANAGE COOKIE SETTINGS

7.1. The use of cookies to collect data, including access to data stored on the User’s device, requires the User’s consent. In the Application, the Controller receives consent from the User via the cookie consent management platform. This consent may be withdrawn at any time according to the rules described in the Section 7.4 below.

7.2. Consent is not required only in the case of cookies whose use is necessary to provide a telecommunications service (data transmission to display content) – the User is not able to opt out of these cookies if he wants to use the Application.

7.3. In order to receive advertising tailored to the User’s preferences, in addition to consenting to the installation of cookies via the cookie consent management platform, it is necessary to maintain appropriate browser settings that allow cookies from the Application to be stored on the User’s final device.

7.4. Withdrawal of consent to the collection of cookies in the Application is possible via the cookie consent management platform. The user can return to the banner by clicking the “Manage cookies” button below or the button with the same content available in the footer of each subpage of the Application.

7.5. After displaying the banner, the User may withdraw consent by clicking the “COOKIE SETTINGS” button. Then move the slider next to the selected cookie category and press the “SAVE SETTINGS” button.

7.6. The user also has the option to withdraw consent by changing browser settings. Detailed information on this topic can be found at the following links:

7.6.1. Internet Explorer:
https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies

7.6.2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

7.6.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=956
47

7.6.4. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/

7.6.5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB.

7.7. The user can at any time verify the status of his or her current privacy settings for the browser used using the tools available at the links below:

7.7.1. http://www.youronlinechoices.com/pl/twojewybory

7.7.2. http://optout.aboutads.info/?c=2&lang=EN.

7.8. To exercise your rights to access, correct, delete, limit, transfer, object to the processing of personal data, submit a complaint or ask any other question regarding cookies, please send your inquiry to the e-mail address [email protected] or other contact details Controller indicated in the Privacy Policy.

8. PERSONAL DATA PROCESSING PERIOD

8.1. The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a general rule, data is processed for the duration of the service provision, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Controller.

8.2. The data processing period may be extended if processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.

9. RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA RIGHTS OF DATA SUBJECTS

9.1. Data subjects have the following rights:

9.1.1. the right to information about the processing of personal data – on this basis, the Controller provides the natural person submitting the request with information about data processing, including, in particular, the purposes and legal basis for processing, the scope of data held, entities to which it is disclosed, and the planned date of data deletion;

9.1.2. the right to obtain a copy of the data – on this basis, the Controller provides a copy of the processed data regarding the natural person submitting the request;

9.1.3. the right to rectification – the Controller is obliged to remove any possible inconsistencies or errors in the processed Personal Data and supplement them if they are incomplete;

9.1.4. the right to delete data – on this basis, you can request the deletion of data whose processing is no longer necessary to achieve any of the purposes for which it was collected;

9.1.5. the right to limit processing – if such a request is made, the Controller ceases to perform operations on Personal Data – except for operations to which the data subject has consented – and to store them, in accordance with the adopted retention principles or until the reasons for limiting data processing no longer exist ( e.g. a decision of the supervisory authority will be issued authorizing further data processing);

9.1.6. the right to transfer data – on this basis – to the extent that the data is processed in an automated manner in connection with the concluded contract or consent – the Controller issues the data provided by the person to whom they concern in a format allowing the data to be read by a computer. It is also possible to request that these data be sent to another entity, provided that there are technical possibilities in this respect on the part of both the Controller and the indicated entity;

9.1.7. the right to object to the processing of data for marketing purposes – if applicable, the data subject may at any time object to the processing of Personal Data for marketing purposes, without the need to justify such an objection;

9.1.8. the right to object to other purposes of data processing – the Data Subject may at any time object – for reasons related to his or her particular situation – to the processing of Personal Data which is carried out on the basis of the legitimate interest of the Controller (e.g. reasons related to the protection of property); objections in this respect should include justification;

9.1.9. the right to withdraw consent – if data are processed on the basis of consent, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal;

9.1.10. the right to complain – if it is considered that the processing of Personal Data violates the provisions of the GDPR or other provisions regarding the protection of Personal Data, the Data Subject may submit a complaint to the authority supervising the processing of Personal Data competent for the place of habitual residence of the Data Subject, his place of work or place committing the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

10. SUBMITTING REQUESTS RELATED TO THE EXERCISE OF RIGHTS

10.1. A request to exercise the rights of Data Subjects may be submitted:

10.1.1. in writing to the Controller’s address;

10.1.2. electronically to the following e-mail address: [email protected]

10.2. The application should, as far as possible, indicate precisely what the request concerns, i.e. in particular:

10.2.1. what rights the person submitting the application wants to exercise (e.g. the right to receive a copy of data, the right to delete data, etc.);

10.2.2. what processing process the request concerns (e.g. use of a specific service, activity on a specific website, etc.);

10.2.3. what purposes of processing the request concerns (e.g. purposes related to the provision of services, etc.).

10.3. If the Controller is unable to identify a natural person based on the submitted request, he will ask the applicant for additional information. Providing such data is not obligatory, but failure to provide it will result in the request being refused.

10.4. The request may be submitted in person or through a representative (e.g. a family member). For data security reasons, the Controller encourages you to use a power of attorney in a form certified by a notary or an authorized legal advisor or attorney, which will significantly speed up the verification of the authenticity of the request.

10.5. A response to the notification should be provided within one month of its receipt. If it is necessary to extend this deadline, the Controller informs the applicant about the reasons for this action.

10.6. In the case where the request was sent to the Controller electronically, the response is provided in the same form, unless the applicant requested a response in a different form. In other cases, the answer is provided in writing. If the deadline for fulfilling the request makes it impossible to respond in writing, and the scope of the applicant’s data processed by the Controller allows contact via electronic means, the response should be provided electronically.

11. DATA RECIPIENTS

11.1. In certain cases, if necessary to achieve the purposes described above, Personal Data will be disclosed to external entities providing services to the Controller (e.g. IT service providers, analytical companies).

11.2. The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

12. TRANSFER OF DATA OUTSIDE THE EEA

12.1. The level of protection for Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and ensuring an adequate level of protection, primarily by:

12.1.1. cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data (detailed information can be found here);

12.1.2. application of standard contractual clauses issued by the European Commission; together with the required additional security measures, they provide Personal Data with the same protection as they are entitled to in the European Union; contract templates can be found here;

12.1.3. application of binding corporate rules approved by the competent supervisory authority.

13. CONTACT DETAILS

13.1. Contact with the Controller is possible via the e-mail address [email protected] or the Controller’s correspondence address (ul. Młynarska 8/12, 01-194 Warsaw).

13.2. The Controller has appointed a Personal Data Protection Coordinator who can be contacted via e-mail [email protected], in writing to the Controller’s correspondence address in any matter regarding the processing of Personal Data.

14. CHANGES TO THE PRIVACY POLICY

14.1. The policy is verified on an ongoing basis and updated, if necessary.

14.2. The current version of the Policy has been adopted and is valid from 26/03/2024