PRIVACY POLICY IDENTT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Preliminary provisions

  1. The addressees of the privacy policy are solely natural persons contacting the Data Controller (ADO) by telephone, e-mail, including via the contact form, as well as those establishing cooperation as an external entity.
  2. The Personal Data Controller is IDENTT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wrocław, ul. gen. Romualda Traugutta 45, 50-416, entered into the Register of Entrepreneurs maintained by the DISTRICT COURT FOR WROCŁAW FABRYCZNA IN WROCŁAW, VI ECONOMIC DIVISION OF THE NATIONAL COURT REGISTER under KRS number: 0000586371 (hereinafter referred to as “IDENTT”, “ADO”).
  3. ADO can be contacted in writing at: ul. gen. Romualda Traugutta 45, 50-416 Wrocław or by e-mail at: kontakt@identt.pl, by phone +48 572 651 741.
  4. ADO has appointed a Data Protection Officer who can be contacted by phone at: +48 572 651 741 or by e-mail at: iod@identt.pl.
  5. The Privacy Policy contains information regarding the processing by ADO of personal data of individuals using or representing entities using services provided by ADO, including individuals visiting ADO’s websites, in particular the Website in the domain https://identt.pl or ADO’s social media profiles (hereinafter referred to as “Clients”).
  6. ADO attaches great importance to the protection of the privacy and confidentiality of personal data entered or provided by Clients, and carefully selects and applies appropriate technical and organizational measures to ensure the protection of processed personal data.
  7. Full access to databases is granted only to persons duly authorized by ADO. ADO protects personal data against disclosure to unauthorized persons, as well as against their processing in violation of applicable laws.
  8. Visitors may browse websites in services provided by ADO without registration and providing personal data.

    Legal grounds for personal data processing

Personal data is processed by the Data Controller (ADO) in accordance with the law, including in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred 1 to as “GDPR”) for the purpose of:

  1. Establishing business relations, including responding to inquiries made in connection with Clients’ contact (pursuant to Article 6(1)(f) of the GDPR as the realization of ADO’s legitimate interest);
  2. Concluding and performing a contract for the provision of services by ADO (pursuant to Article 6(1)(b) of the GDPR);
    Providing the newsletter service on the terms set out in the regulations regarding newsletter services (pursuant to Article 6(1)(b) of the GDPR);
  3. Fulfilling legal obligations incumbent on ADO regarding tax and accounting obligations (pursuant to Article 6(1)(c) of the GDPR in connection with tax and accounting regulations);
  4. Running social media profiles and informing Clients through them about ADO’s activity, promoting the brand, services, building and maintaining a community related to ADO, and for communication via available functionalities (pursuant to Article 6(1)(f) of the GDPR as the realization of ADO’s legitimate interest);
  5. Marketing of ADO services (Article 6(1)(a) of the GDPR (consent));
  6. Direct marketing (Article 6(1)(f) of the GDPR (legitimate interest of the controller));
  7. Use of the Website and ensuring its proper functioning (Article 6(1)(f) of the GDPR (legitimate interest of the controller)) – processing is necessary for the purposes resulting from the legitimate interests of the Controller – consisting in running and maintaining the Website;
  8. Keeping statistics and analyzing traffic on the Website (Article 6(1)(f) of the GDPR (legitimate interest of the controller)) – processing is necessary for the purposes resulting from the legitimate interests of the Controller – consisting in keeping statistics and analyzing traffic on the Website in order to improve the functioning of the Website.

Providing personal data is voluntary, however, the consequence of not providing data will be the inability to establish a business relationship with ADO or use ADO services.

Withdrawal of consent prevents ADO from further providing services. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Fundamental principles of personal data processing

  1. ADO stosuje wyrażoną w RODO zasadę minimalizacji poprzez przetwarzanie dane osobowe jedynie w zakresie niezbędnym do realizacji celów, dla których są zbierane. Cele zbierania danych osobowych Klientów jako jasno określone, mają swoje oparcie w przepisach prawa. ADO nie przetwarza danych osobowych w sposób niezgodny z tymi celami.
  2. ADO realizuje prawa Klientów dotyczące ich danych osobowych zgodnie z przepisami prawa, w tym dba o poprawność danych osobowych Klientów i niezwłocznie reaguje na każde wnioski o sprostowanie lub aktualizację danych.
  3. ADO ogranicza przechowywanie danych osobowych zgodnie z przepisami prawa, jedynie do okresu niezbędnego dla realizacji celów dla których są zbierane, chyba że zachodzą przyczyny umożliwiające wydłużenie okresu przechowywania danych.
  4. Jeżeli dane osobowe są udostępniane innym podmiotom, następuje to w sposób bezpieczny, umownie zabezpieczony lub w inny sposób zgodny z obowiązującymi przepisami prawa. Dotyczy to w szczególności zewnętrznych podmiotów przetwarzających, z którymi współpracuje ADO i z którymi zawiera odrębną umowę powierzenia przetwarzania danych osobowych będącą załącznikiem do umowy o współpracy.

Prawa osób, których dane dotyczą

The ADO client whose personal data is processed has the following rights

  1. Right of access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Controller access to their personal data, rectification, erasure (“right to be forgotten”), or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the GDPR.
  2. Right to withdraw consent at any time – if data is processed by the Controller based on expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR), the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing carried out based on consent before its withdrawal.
  3. Right to lodge a complaint with a supervisory authority – the data subject whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
  4. Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling based on those provisions. In such a case, the Controller shall no longer process those personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or grounds for the establishment, exercise, or defense of legal claims.
  5. Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

     

The exercise of rights can be implemented by sending an email to kontakt@identt.pl with a specific request, additionally, the Client’s first name, last name, email address, and the scope of personal data to which the request relates should be provided.

The Client also has the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data by ADO violates the provisions of applicable law.

Personal data recipients

  1. Clients’ data may be transferred to entities authorized to receive it under applicable law, including competent law enforcement authorities.
  2. Personal data may also be transferred to trusted recipients such as: carriers, entities handling accounting, partners providing technical services (development and maintenance of IT systems and websites).
  3. As a rule, personal data is not transferred to a third country/international organization. However, personal data may be transferred to a third country/international organization, in particular if it is necessary due to the service ordered by the Client.
  4. If, as part of the processing, personal data will be transferred to recipients in third countries (outside the European Economic Area), ADO verifies whether these entities provide guarantees of a high degree of protection of the processed personal data. These guarantees result in particular from the obligation to apply standard contractual clauses adopted by the Commission (EU) in the decision on standard contractual clauses for the transfer of personal data to processors established in third countries. The transfer of data may take place on the basis of a decision on an adequate level of protection taken by the European Commission or on the basis of standard contractual clauses or on the basis of the express consent of the data subject.

Additional information concerning data processing

  1. Personal data will be stored only for the period necessary to achieve the specific purpose for which it was collected, and after that period for the period necessary to secure or pursue any claims or fulfill ADO’s legal obligation (arising from tax or accounting regulations).
  2. Personal data processed for the purpose of marketing own products or services on the basis of a legitimate legal interest will be processed until the Client objects.
  3. ADO uses IP addresses collected during internet connections only for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the connection is made).
  4. ADO may process personal data in an automated manner, including in the form of profiling, however, automated processing will not lead to decisions that produce legal effects or similarly significantly affect the Client. This processing may affect the selection of displayed ads or the selection of offered products and services. The client may receive special offers through personalized email or online advertising. ADO does not process personal data in a way that would involve making solely automated decisions about the Client that produce legal effects or similarly significantly affect them.

Cookies files

  • ADO uses cookies or similar technologies (hereinafter collectively: “cookies”), which are understood as IT data, in particular text files, intended for use on ADO’s websites and stored on the terminal devices of Clients browsing the websites. Information collected using cookies allows for the adjustment of services and content to individual needs and user preferences, as well as serves to develop general statistics regarding users’ use of the websites. Data collected using cookies are collected solely for the purpose of performing specific functions for Clients and are encrypted in a way that prevents unauthorized access.
  • As a general rule, ADO uses two types of cookies – “session” and “persistent” cookies. Session cookies are temporary files that remain on the user’s device until logout, leaving the website, or closing the software (web browser). Persistent cookies are files that remain on the user’s device for the time specified in the cookie parameters or until they are manually deleted by the user.
  • Within ADO’s websites, the following types of cookies are used, depending on the necessity to provide services:
    • necessary cookies, enabling the use of services available on ADO’s websites, in particular authentication cookies used for services requiring authentication;
    • cookies used to ensure security, in particular used to detect authentication abuses;
    • performance cookies, enabling the collection of information about how websites are used;
    • functional cookies, enabling “remembering” user-selected settings and personalizing the user interface;
    • advertising cookies, enabling the delivery of advertising content tailored to user interests

Legal grounds for the use of cookies

  1. The web browsing software (web browser) usually allows cookies to be stored on the end device by default. The Client browsing ADO websites may independently and at any time change the settings for cookies, specifying the conditions for their storage and access to 1 their device by cookies. The Client can make these changes to the settings using the web browser settings. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or 2 to inform about each placement of cookies on the Client’s device. Detailed information about the possibilities and ways of handling cookies is available in the software settings (web 3 browser).
  2. Using the websites operated by ADO, without changing the settings for cookies, means consent to the saving of cookies. The client can always withdraw consent by changing the settings for cookies.

Version  1.1 (02.01.2022)