1. Definitions
   
   

1.1. Controller or Pergamin – Pergamin sp. z o.o. with headquarters in Wrocław, 42a Robotnicza Street, 53-608 Wrocław.

1.2. Personal data – information about a natural person identified or identifiable by one or more specific factors that determine physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.

1.3.  Policy – this Privacy Policy.

1.4. RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

1.5. Service – the Internet service operated by the Controller at www.pergam.in.

1.6.   User – any natural person visiting the Site or using one or more of the services or functionalities described in the Policy.

2. Data processing in connection with the use of the SERVICE

2.1.        In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide electronic services, as well as information about the User’s activity on the Website. Detailed rules and purposes for processing Personal Data collected during the User’s use of the Website are described below.

3. Purposes and legal basis of data processing on the site

USE OF THE SERVICE

3.1.       Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies), are processed by the Controller for:

3.1.1.  provision of services electronically in the scope of providing Users with access to the content collected on the Website – the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) of the RODO);

3.1.2. analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO), consisting in conducting analyses of Users’ activities, as well as their preferences to improve the functionalities used and services provided;

3.1.3. possible establishment and investigation of claims or defense against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the RODO), consisting of the defense of its economic interests;

3.1.4.  marketing of the Controller – the rules of processing Personal Data for marketing purposes are described in the MARKETING section.

3.2.   The User’s activity on the Service, including his/her Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities that relate to the computer system used to provide services by the Controller). The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes them for technical, and administrative purposes, to ensure the security of the IT system and the management of this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO), consisting of providing and improving the functionality offered to Users;

E-BOOK

3.3.   Users who fill out the application form to download the Controller’s e-book are asked to provide the data necessary to process the application. Provision of this data is required to process the request and dispatch the e-book, and failure to provide this data will result in the inability to process the request and dispatch the e-book to the User.

3.4.  Personal data is processed for:

3.4.1.  handling of the User’s request and dispatch of the e-book – the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the RODO);

3.4.2. possible establishment and pursuit of claims or defense against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the RODO), in defending its economic interests.

NEWSLETTER

3.5.   By filling in the application forms within the Service (e.g. downloading an e-book or applying for the Affiliate Program), the User may also wish to use the newsletter service. In such a case, the Personal Data provided by the User as part of the application form, including first name and e-mail address, will be processed by the Controller to send the newsletter containing commercial information about the Controller’s activities. Providing this data is necessary for sending the newsletter, and failure to provide it will result in the inability to receive it.

3.6.  Personal data is processed for:

3.6.1. enable the User to become acquainted with the Controller’s current offer included in the newsletter – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO), consisting of the implementation of the Controller’s marketing activities in the form of directing e-mail notifications to Users about interesting offers or content, in connection with signing up for the newsletter;

3.6.2.  possible establishment and pursuit of claims or defense against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the RODO), in defending its economic interests.

AFFILIATE PROGRAM

3.7.   The Controller allows the User to join the Affiliate Program. A User who wishes to join the Affiliate Program is asked to provide the data necessary to send the application form. Provision of this data is required to conclude a contract for participation in the Affiliate Program, and failure to provide such data will result in the User’s inability to join the Controller’s Affiliate Program and take advantage of the benefits available therein.

3.8.  Personal data is processed for:

3.8.1. enable participation in the Affiliate Program, including obtaining the benefits available therein – the legal basis for processing is the necessity of processing to perform the contract for participation in the Affiliate Program (Article 6(1)(b) of the RODO);

3.8.2.  To comply with the legal obligations incumbent on the Controller under generally applicable legal regulations, primarily in terms of documenting the transfer of benefits related to participation in the Affiliate Program to the User, which obligations are referred to in particular in the accounting and tax law regulations (Article 6(1)(c) of the RODO);

3.8.3.  possible establishment and pursuit of claims or defense against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the RODO), in defending its economic interests.

CHATBOT

3.9.   The Controller provides the User with the possibility to contact the User using the live chat available on the Website (Chatbot service).

3.10.  Personal data of the User using the chat function, is processed for the purpose:

3.10.1. to conduct communication with the Controller and for the purposes arising therefrom – the legal basis for processing is the necessity to perform the Chatbot service agreement (Article 6(1)(b) of the RODO);

3.10.2. targeting of marketing content by the Controller, including information about e-books, within the framework of a chat room – the legal basis for data processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO), consisting of the possibility of targeting content promoting the Controller’s activities and services in connection with the consent given;

3.10.3.   establishing or asserting possible claims or defending against such claims by the Controller – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO) in defending its economic interests.

FREE CONSULTATIONS

3.11.  A user who fills out an application form for free consultations on the Controller’s services and products is asked to provide the data necessary to handle the application. Provision of this data is required to handle the application and organize the free consultation, and failure to provide this data will result in the inability to handle the application and participate in the consultation. For the rest, providing the data is voluntary.

3.12.  Personal data is processed for:

3.12.1. handling of a request directed using a form, including the realization of the service of free consultation and presentation of the Controller’s offer in connection with the received request – the legal basis for processing is the necessity to perform the contract (Article 6(1)(b) RODO); in the scope of data provided optionally, the legal basis for processing is consent (Article 6(1)(a) of the RODO);

3.12.2. establishing or asserting potential claims or defending against such claims by the Controller – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO) in defending its economic  interests.

ORGANIZATION OF WEBINARS

3.13. In connection with the organization of webinars, the Controller obtains Personal Data from persons signing up for and participating in events. The scope of the data provided is in each case limited to the extent necessary for the organization of the event and usually does not include information other than name and email address. Provision of this data is required to process the application and enable participation in the webinar, and failure to do so will result in the User’s inability to process the application and participate in the event. For the rest, providing the data is voluntary.

3.14.  Personal data is processed for:

3.14.1. handling of a request directed using a form, including participation in a webinar organized by the Controller – the legal basis for processing is a necessity for the performance of the contract (Article 6(1)(b) of the RODO); concerning data provided optionally, the legal basis for processing is consent (Article 6(1)(a) of the RODO);

3.14.2.   establishing or asserting potential claims or defending against such claims by the Controller – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO) in defending its business interests.

E-MAIL AND TRADITIONAL CORRESPONDENCE

3.15.  In the case of directing to the Controller via e-mail or traditional correspondence that is not related to the services provided to the sender or any other agreement concluded with him, the personal data contained in this correspondence is processed solely for communication and resolution of the matter to which the correspondence relates.

3.16. Personal data is processed for:

3.16.1. communication and resolution of the matter – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the RODO) consisting of correspondence addressed to it in connection with its business activities;

3.16.2.   establishing or asserting potential claims or defending against such claims by the Controller – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO) in defending its economic interests.

CALL

3.17.  In the case of contacting the Controller by telephone, in matters not related to the concluded agreement or the provided services, the Controller may require the User to provide Personal Data only if it is necessary to handle the matter to which the contract relates. The Controller also provides through the Service the Callpage functionality, which allows the User to request the service of a telephone call with the Controller.

3.18. Personal data is processed for:

3.18.1. to provide contact and service of the request – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) RODO) consisting of the need to resolve the reported matter related to its business activity;

3.18.2.   The implementation of the service of ordering a phone call through the Callpage functionality – the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) of the RODO);

3.18.3.   establishing or asserting potential claims or defending against such claims by the Controller – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the RODO) in defending its economic interests.

COLLECTING DATA THROUGH BUSINESS CONTACTS

3.19. In connection with its operations, the Controller also collects personal data in other cases – such as during business meetings or through the exchange of business cards – to initiate and maintain business contacts. The legal basis for processing, in this case, is the legitimate interest of the Controller (Article 6(1)(f) of the RODO), consisting of networking in connection with its business activities.

USE OF THE PERGAM.IN APPLICATION

3.20.        The Controller allows the User to use the pergam.in application provided by the Controller, via the “Login” tab, as well as the test service to access the pergam.in application via the “Create a free account” tab available on the Website. If any of the aforementioned tabs is selected, the User will be redirected to www.my.pergam.in, which is not part of the Website. For information on the processing of personal data via www.my.pergam.in, please refer to the Privacy Policy of the pergam.in Application.

SOCIAL NETWORKS

3.21. The Controller processes the personal data of Users visiting the Controller’s profiles maintained on social media (Facebook, YouTube, Linkedin, Twitter, Instagram). The data is processed exclusively in connection with the running of the profile, including to inform Users about the Controller’s activities and promote various events, services and products, as well as for analytical and statistical purposes. The legal basis for the Controller’s processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) of the RODO), consisting of promoting its brand and analyzing the preferences and activities of Users visiting the Controller’s social media profiles to improve the functionalities used and services provided.

3.22.  The above information does not apply to the processing of data by Controllers of social networks (Facebook, YouTube, Instagram, Twitter and LinkedIn). For detailed information on this purpose and the scope of data collection by social networks, please follow the links below:

3.22.1.   Facebook: https://www.facebook.com/policy.php

3.22.2.  YouTube: https://policies.google.com/privacy

3.22.3. Instagram: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0

3.22.4.  Twitter: https://twitter.com/en/privacy

3.22.5.  LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL.

4. Marketing

4.1.   The Controller processes Users’ data to carry out marketing activities, which may consist of:

4.1.1.  displaying marketing content to the User that is not tailored to the User’s preferences (contextual advertising);

4.1.2.  displaying marketing content to the User that corresponds to the User’s interests (behavioral advertising).

4.1.3.  conducting activities related to direct marketing of its own goods and services (sending commercial information electronically and telemarketing activities).

CONTEXTUAL ADVERTISING

4.2.  The Controller processes Users’ Personal Data for marketing purposes in connection with directing contextual advertising (i.e. advertising that is not tailored to the User’s preferences) to Users. The processing of Personal Data then takes place in connection with the realization of the Controller’s legitimate interest (Article 6(1)(f) of the RODO).

BEHAVIORAL ADVERTISING

4.3.  The Controller and its trusted partners process Users’ Personal Data, including Personal Data collected through cookies and other similar technologies, for marketing purposes in connection with targeting Users with behavioral advertising (i.e., advertising that is tailored to the User’s preferences).

DIRECT MARKETING

4.4.  The Controller also processes the User’s Personal Data to direct marketing content to the User through various channels, i.e. via email, MMS / SMS, chatbot or phone calls. Such activities are undertaken by the Controller only if the Participant has consented to them. The User may withdraw any of the consents granted at any time, e.g. by contacting the Controller at the contact details indicated in Section 13 of the Privacy Policy.

5.     Cookies and similar technology

5.1. Cookies are small text files installed on the User’s device. Cookies collect information to facilitate the use of the website – e.g. by remembering information about the User, e.g. concerning login or language preferences. The Controller of the data processed in connection with the use of cookies is Pergamin sp. z o.o. based in Wrocław. The Controller uses its files on the Website, which are installed directly by the Website. Third-party cookies – which are cookies from a domain other than the domain of the visited website – are also used, primarily for the Controller’s analytical and advertising activities. 

5.2.   The Website uses cookies primarily to ensure the proper functioning of the website, to remember the User’s choices on the site – and, if the User gives the appropriate consent, also to analyze and track traffic on the Website and to match advertising content to interests. Within the Service, based on the consent obtained, cookies are also installed to enable the use of social media functionality.

5.3.   Below are details of the cookies that the Controller uses on the Service. The Controller uses regular tools to scan the Website to determine what cookies are stored on the User’s device so that the list of cookies used is as accurate as possible. The Controller uses the following categories of cookies: essential, functional, analytical, advertising cookies and social media cookies.

ESSENTIAL COOKIES

5.4.  The Controller’s use of essential cookies is necessary for the proper functioning of the website. These cookies are installed in particular to remember login sessions or fill out forms, as well as to set privacy options.

5.5.   The legal basis for the processing of data in connection with the use of necessary cookies is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the RODO).

5.6.   If the User wishes to obtain more information about individual cookies in this category, i.e. the name of each cookie, description of operation, validity period and origin, click the “Manage cookies” button, which can be found in Section 7 of the Privacy Policy, or the button with the same content available in the footer of each subpage of the Website. When the cookie banner appears, select the “Cookie Settings” button and then expand the list of “Necessary cookies”, and then the “Details” button below.

FUNCTIONAL AND ANALYTICAL COOKIES

5.7.   Functional cookies are used to remember and customize the Service according to the User’s choices in terms of, among other things, language preferences. Functional cookies may be installed by the Controller and its partners through the Service.

5.8.  Analytical cookies enable the acquisition of information such as the number of visits and sources of traffic to the Site. They are used to determine which pages are more and which are less popular and to understand how Users navigate the Site by keeping statistics on the traffic on the Site. The processing is done to improve the performance of the Website. The information collected by these cookies is aggregated, so they are not intended to determine your identity. Functional cookies may be installed by the Controller and its partners through the Service.

5.9.   The legal basis for the processing of Personal Data in connection with the use of functional and analytical cookies by the Controller, is its legitimate interest (Article 6(1)(f) of the RODO), consisting in ensuring the highest quality of services provided on the Site, in connection with the User’s consent to their storage (separate for analytical files, separate for functional files).

5.10. The processing of Personal Data in connection with the use of functional and analytical cookies is subject to the User’s consent to the use (separately) of functional and analytical cookies through the cookie consent management platform. This consent can be withdrawn at any time through this platform.

5.11.  If the User wants to obtain more information about the individual files of these categories, i.e. the name of each cookie, description of operation, validity period and origin, click the “Manage cookies” button, which can be found in Section 7 of the Privacy Policy – “Manage cookies” or a button with the same content available in the footer of each subpage of the Website. When the cookie banner appears, select the “Cookie Settings” button and then expand either the “Analytical cookies” or “Functional cookies” list, then the “Details” button under each list.

ADVERTISING COOKIES

5.12.  Advertising cookies allow matching the advertising content displayed to the interests of Users within and outside the Website. Based on the information from these cookies and the User’s activity on other services, a profile of the User’s interests is built. Advertising cookies may be installed by the Controller and its partners through our Service.

5.13.  The legal basis for the processing of Personal Data in connection with the use of advertising cookies by the Controller, for this purpose, is its legitimate interest (Article 6(1)(f) of the RODO), consisting of promoting the Controller’s brand and informing about the Controller’s current offer, including by directing marketing information to the Service Users corresponding to their interests, in connection with the User’s consent to the recording of advertising cookies.

5.14.  Processing of Personal Data in connection with the use of advertising cookies is possible after obtaining the User’s consent to the use of consent through the consent management platform. This consent can be withdrawn at any time through this platform.

5.15.  If the User wants to get more information about individual cookies in this category, i.e. the name of each cookie, description of operation, validity period and origin, click the “Manage cookies” button, which can be found in Section 7 of the Privacy Policy – “Manage cookies” or a button with the same content available in the footer of each subpage of the Website. When the cookie banner appears, select the “Cookie Settings” button and then expand the “Advertising Cookies” list, then the “Details” button below.

SOCIAL MEDIA COOKIES

5.16. These cookies are installed by the Controller’s partners to match the displayed advertising content on the social media used by the User. Based on the information from these cookies and activity on other sites or social media, an interesting profile is built. This ensures that the content displayed is tailored to individual needs. Social media cookies do not directly store personal information, but identify the web browser and hardware. If the User does not allow the use of these cookies, the Controller will not be able to prevent the same advertisement from being displayed or allow likes and shares of content posted by the Controller on social media.

5.17.  If the User wants to get more information about the individual cookies in this category, i.e. the name of each cookie, description of operation, validity period and origin, click the “Manage cookies” button, which can be found in Section 7 of the Privacy Policy – “Manage cookies” or a button with the same content available in the footer of each subpage of the Website. When the cookie banner appears, select the “Cookie Settings” button and then expand the list of “Social Media Cookies”, and then the “Details” button below.

6. ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS

6.1. The Controller and its Partners apply various solutions and tools used for analytical and marketing purposes. Below you will find basic information about these tools. Detailed information in this regard can be found in the privacy policy of the respective Partner.

6.2. The current and complete list of the Controller’s Partners, is available at the link.

GOOGLE ANALYTICS

Google Analytics cookies are files used by Google to analyze how the User uses the Website and to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User, nor does it combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.

GOOGLE ADS

Google Ads is a tool that allows us to measure the effectiveness of advertising campaigns implemented by the Controller, allowing us to analyze such data as keywords or the number of unique users. The Google Ads platform also allows us to display our ads to people who have visited the Service in the past. Information on Google’s data processing for the above service is available at the following link: https://policies.google.com/technologies/ads?hl=pl.

FACEBOOK PIXELS

Facebook Pixels is a tool that allows measuring the effectiveness of advertising campaigns implemented by the Controller on Facebook. The tool allows advanced data analytics to optimize the Controller’s activities also using other tools offered by Facebook. Detailed information on data processing by Facebook can be found at the following link: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.

HOTJAR

HotJar is a tool that allows the Controller to analyze User activity on the Website, such as through surveys or satisfaction surveys, and through the anonymous collection of information about clicks on particular places on the Website. The tool does not allow for User identification. Detailed information about the data collected through HotJar and how to deactivate User monitoring is available at the following link: https://www.hotjar.com/privacy.

HEAP ANALYTICS

Heap Analytics is a tool that allows the Controller to analyze User activity on the Site, such as generating reports on how Users use the Site, including based on analysis of User traffic and behavior on the Site. The tool uses analytical cookies, which (if the User consents to their installation) are stored on the User’s computer to help the Controller analyze how Users use the Site. Detailed information about the data collected through Heap Analytics is available at the following link: https://heap.io/privacy.

ELEMENTOR

Elementor is an analytical tool that allows the Controller to create the Website and the functionalities available in it through a graphical editor, with minimal need for coding. This tool allows the Controller to analyze the activity and traffic of Users involved in the creation of the Service from the technical side. Detailed information about the data collected through the Elementor tool is available at the following link: https://elementor.com/about/privacy/.

HUBSPOT

HubSpot is a tool that allows the Controller to analyze Users’ activity on the Website, e.g. by collecting anonymous information on how Users use the forms available on the Website. Detailed information about the data collected through the HubSpot tool is available at the following link: https://legal.hubspot.com/privacy-policy.

7.     Cookie settings management

7.1.  The use of cookies to collect data through them, including gaining access to the data stored on the User’s device, requires the User’s consent. On the Website, the Controller receives consent from the User through the cookie consent management platform. This consent can be withdrawn at any time according to the rules described in Section 7.4 below.

7.2.   Consent is not required only in the case of cookies, the use of which is necessary for the provision of telecommunications service (data transmission to display content) – the User does not have the option to opt out of these cookies if he or she wants to use the Service.

7.3. To receive advertising tailored to the User’s preferences, in addition to agreeing to the installation of cookies through the cookie consent management platform, it is necessary to maintain appropriate browser settings that allow the storage of cookies from the Service on the User’s terminal device.

7.4.  Withdrawal of consent for the collection of cookies on the Website is possible through the cookie consent management platform. The user can return to the banner by clicking on the “Manage cookies” button below or a button with the same content available in the footer of each subpage of the Website.

7.5.   After the banner is displayed, the User can withdraw consent by clicking the “SET COOKIE SETTINGS” button. Then move the slider next to the selected cookie category and press the “SAVE SETTINGS” button.

7.6.  Users also have the option to withdraw consent by changing their browser settings. For details, please see the links below:

7.6.1.  Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies

7.6.2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

7.6.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

7.6.4. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/

7.6.5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB.

7.7.   You can verify the status of your current privacy settings for the browser you are using at any time using the tools available at the links below:

7.7.1. http://www.youronlinechoices.com/pl/twojewybory

7.7.2. http://optout.aboutads.info/?c=2&lang=EN.

7.8.  To exercise your rights to access, correct, delete, restrict, transfer, object to the processing of your data, file a complaint or ask any other question regarding cookies, please send your request to [email protected] or other contact information of the Controller indicated in the Privacy Policy.

8. Period of processing of Personal Data

8.1.   The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data are processed for the duration of the service, until the withdrawal of the consent given, or until an effective objection to data processing is made in cases where the legal basis for data processing is the legitimate interest of the Controller.

8.2.  The processing period may be extended if the processing is necessary for the establishment and assertion of possible claims or defense against claims, and thereafter only if and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.

9. Rights related to the processing of personal data

RIGHTS OF DATA SUBJECTS

9.1.   Data subjects have the following rights:

9.1.1.          The right to information about the processing of personal data – on this basis, the Controller provides the individual requesting information about the processing of data, including, in particular, the purposes and legal grounds for the processing, the scope of the data held, the entities to which they are disclosed, and the planned date of deletion;

9.1.2.          The right to obtain a copy of the data – on this basis, the Controller provides a copy of the processed data concerning the individual making the request;

9.1.3.          The right to rectification – the Controller is obliged to remove any inconsistencies or errors in the processed Personal Data and complete them if they are incomplete;

9.1.4.          The right to erasure – on this basis, you can request the erasure of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;

9.1.5.          The right to restrict processing – if such a request is made, the Controller shall cease performing operations on Personal Data – except operations consented to by the data subject – and their storage, by the retention rules adopted, or until the reasons for restricting processing cease to exist (e.g., a decision is issued by a supervisory authority authorizing further processing);

9.1.6.          The right to data portability – on this basis – to the extent that the data are processed by automated means in connection with a contract concluded or consent is given – the Controller shall issue the data provided by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity, provided, however, that there are technical capabilities in this regard both on the part of the Controller and the designated entity;

9.1.7.          The right to object to processing for marketing purposes – if applicable, the Data Subject may object to the processing of Personal Data for marketing purposes at any time, without having to justify such objection;

9.1.8.          The right to object to other purposes of processing – the Data Subject may object at any time – for reasons related to his/her particular situation – to the processing of Personal Data that is carried out based on a legitimate interest of the Controller (e.g., reasons related to property protection); the objection in this regard should contain a justification;

9.1.9.         The right to withdraw consent – if the data are processed based on the consent given, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal;

9.1.10.       The right to complain – if the processing of Personal Data is deemed to violate the provisions of the RODO or other regulations on the protection of Personal Data, the Data Subject may file a complaint with the supervisory authority for the processing of Personal Data, which has jurisdiction over the Data Subject’s habitual residence, place of work or place where the alleged infringement has been committed. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

10.   MAKING DEMANDS RELATED TO THE EXERCISE OF RIGHTS

10.1. A request for the exercise of Data Subjects’ rights can be made:

10.1.1.         in writing to the Controller’s address;

10.1.2.        by e-mail to: [email protected]

10.2. The request should, if possible, indicate precisely what the request is about, i.e. in particular:

10.2.1.        What right the requester wants to exercise (e.g., the right to receive a copy of the data, the right to erasure, etc.);

10.2.2.   What processing the request concerns (e.g., use of a specific service, activity on a specific website, etc.);

10.2.3.   What are the purposes of the processing requested (e.g., purposes related to the provision of services, etc.)

10.3. If the Controller is unable to identify an individual based on the submitted request, it will ask the applicant for additional information. It is not mandatory to provide such data, but failure to do so will result in denial of the request.

10.4.   The request may be made in person or through a proxy (e.g., a family member). For reasons of data security, the Controller encourages the use of a power of attorney in a form certified by a notary public or authorized legal counsel or attorney, which will significantly accelerate  the verification of the authenticity of the request.

10.5. The application should be responded to within one month of receipt. If it is necessary to extend this period, the Controller shall inform the applicant of the reasons for this action.

10.6. In the case where the request is addressed to the Controller electronically, the response shall be provided in the same form, unless the requester has requested a response in another form. In other cases, the response shall be provided in writing. If the timing of the request makes it impossible to respond in writing, and the extent of the applicant’s data processed by the Controller makes it possible to contact him electronically, the response shall be provided electronically.

11. Recipients of data

11.1.   In certain cases, insofar as it is necessary to achieve the purposes described above, Personal Data will be disclosed to external entities providing services to the Controller (e.g. IT service providers, CRM providers, service providers for ordering and calling analytical and marketing companies).

11.2. If the User’s consent is obtained, his/her data may also be shared with other entities for their purposes, including marketing purposes.

11.3. The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, relying on the relevant legal basis and by the provisions of the applicable law.

12. Transfers of data outside the EEA

12.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:

12.1.1.  Cooperation with processors of Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the determination of ensuring an adequate level of protection of Personal Data (for details, click here);

12.1.2. Use of standard contractual clauses issued by the European Commission; together with the required additional security measures, these provide Personal Data with the same protection as it receives  in the European Union; you can find model contracts here;

12.1.3. application of binding corporate rules approved by the relevant supervisory authority.

12.2. Users’ personal data is transferred outside the EEA in the following cases:

12.2.1. in the case of use of a blog available on the Website – to the provider of the WordPress tool, which enables its maintenance and management of published content, i.e. Automatic Inc. based in the USA;

12.2.2.   in the case of Users involved in the technical development of the Service, to the provider of the Elementor tool, i.e. Elementor Ltd. based in Israel; Personal Data provided to Elementor Ltd. is then transferred to its subcontractors based in the USA and Canada;

12.2.3.   in connection with the use of the analytical tool Heap Analytics enabling analysis of Users’ activity within the Service – Personal Data is transferred to Heap Inc. based in the USA;

12.2.4.   in the case of Users who use the Callpage tool for ordering and calling the Controller – to subcontractors of this provider – Callpage sp. z o.o. located in the USA.

12.2.5.   in connection with the use of the Google Analytics tool, which enables the analysis of User activity and the creation of reports and statistics from such analysis, as well as the Google Ads tool, which enables the measurement of the effectiveness of advertising campaigns carried out by the Controller – Users’ Personal Data is transferred to Google LLC. based in the USA;

12.2.6.   in connection with the use of the Facebook Pixel tool, the provider of this tool, Meta Platforms Ireland Limited, based in Ireland, transfers Personal Data to its subcontractors located in the United States;

12.2.7.   in connection with the use of the Hotjar tool to conduct analysis of Users’ activities and create reports and statistics, Users’ Personal Data is transferred by the provider of this tool, Hotjar Ltd. based in Malta, to its subcontractors located in the USA;

12.2.8.   in connection with the use of the Hubspot tool, which enables analysis of Users’ activity on the Service – Users’  Personal Data is transferred to HubSpot Inc. headquartered in the U.S., as well as to HubSpot Inc.’s subcontractors located in Japan, Brazil and other countries outside the EEA with which HubSpot Inc. cooperates.

12.3.  To ensure a high degree of protection of the transferred Personal Data, this transfer is carried out based on:

12.3.1. a decision by the European Commission finding an adequate level of protection for Personal Data in Israel, which is available at: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32011D0061 – when transferring Personal Data to Elementor Ltd. based in Israel;

12.3.2.   a decision by the European Commission finding an adequate level of protection for Personal Data in Canada, which is available at: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32002D0002 – for transfers of Personal Data by Elementor Ltd. to its subcontractor located in Canada;

12.3.3.   the European Commission’s decision finding an adequate level of protection for Personal Data in Japan, which is available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2019.076.01.0001.01.ENG&toc=OJ:L:2019:076:TOC – for transfers of Personal Data by HubSpot Inc. to its subcontractor in Japan;

12.3.4.   standard contractual clauses issued by the European Commission – in the case of transfers of Personal Data to other subcontractors based in the countries referred to in clauses. 12.2.1 – 12.2.8 above; the Participant has the right to obtain a copy of the standard contractual clauses establishing the relevant safeguards and a summary description of the applicable security measures. For this purpose, please contact the Controller’s Data Protection Coordinator [email protected].

13. Contact information

13.1. Contact with the Controller is possible via e-mail address [email protected] or the Controller’s mailing address (Młynarska 8/12, 2nd floor, 01-194 Warsaw).

13.2. The Controller has appointed a Personal Data Protection Coordinator, who can be contacted via e-mail [email protected], in writing to the Controller’s registered office address on any matter concerning the processing of Personal Data.

14.   Changes to the Privacy Policy

14.1. The policy is reviewed on an ongoing basis and updated as necessary.

14.2. The current version of the Policy has been adopted and is effective as of 22/06/2022.