This document sets out the principles governing the protection of personal data for people who use the service https://cybermadeinpoland.pl/ (hereinafter: Service).
Controller is obliged to protect the privacy of Service Users. To this end, the Controller shall exercise best efforts to ensure that Service User’s provided personal data is protected in relation to using the Service and making purchases.
The controller of your personal data is:
Polski Klaster Cyberbezpieczeństwa CyberMadeInPoland Sp. z o.o. with headquarters in Krakow, ul. Wilhelma Feldmana 4/9-10, 31-130 Kraków, entered in the register of entrepreneurs by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS number: 0000854192 NIP: 6762583919 REGON: 386754317
THE BASIS AND PURPOSES OF PROCESSING
In the case of a contact in order to enter into a contract, we process your data to take action at your request before the conclusion of the contract, e.g. conduct negotiations or presenting an offer (legal basis: Art. 6 Para 1 points b and f of GDPR). Should we enter into a contract with you, the data will be processed:
- in order to conclude and fulfil it (including but not limited to contacting you as regards its fulfilment, payment confirmation, rebate granting, goods delivery, notification sending about order completion) and pursuant to it (legal basis in Art. 6 Para 1 point b of GDPR);
- in order to perform legal obligations incumbent on the Controller, including tax obligations duties arising from Civil Code regulations, GDPR regulations, VAT invoice issuance, complaint handling, information requirement compliance (legal basis in Art. 6 Para 1 point c of GDPR);
- in order to archive (store as evidence) for preserving information in the case a legal need to demonstrate facts arises, on the basis of a legitimate interest pursued by the Controller (legal basis in Art. 6 Para 1 point f of GDPR), this interest being documentation archiving;
- in order to establish, pursue, or defend against claims if need be, on the basis of a legitimate interest pursued by the Controller (legal basis in Art. 6 Para 1 point f of GDPR), this interest being establishing, pursuing, or defence against claims in such a case;
- in order to conduct direct marketing of its own products and services by the Controller on the basis of a legitimate interest pursued by the Controller (legal basis in Art. 6 Para 1 point f of GDPR), this interest being direct marketing of one’s own products and services;
- in order to personalise the advertising offer to customers’ needs, present advertisements on the basis of your consent and a legitimate interest pursued by the Controller (legal basis in Art. 6 Para 1 point f of GDPR), this interest being personalisation of offer categories or particular offers.
- Commercial information
If you have granted consent to do so, your personal data will be processed in order to send commercial information on products and services, promotional offers, and deals on the basis of your consent and a legitimate interest pursued by the Controller, which is in this case direct marketing of one’s own products and services (legal basis in Art. 6 Para 1 point f of GDPR).
- Contact form
We process the data you input in the contact for in order to perform submission handling and answer questions on the basis of a legitimate interest pursued by the Controller (legal basis in Art. 6 Para 1 point f of GDPR), which is in this case contacting customers and offering them answers to questions.
- Conducting traditional and e-mail correspondence
In the case of your sending to the Controller e-mail or postal correspondence which is not related to service rendering or performance of another contract, the personal data contained therein is processed in order to process the request or enquiry put forward in the correspondence.
The basis for the processing in such a case is a legitimate interest pursued by the Controller (Art. 6 Para 1 point f of GDPR), which lies in carrying on a correspondence and handling requests and enquiries in relation to the business activities performed. Providing personal data necessary to handle the request is mandatory.
- Telephone contact
In the case you are contacted by telephone in matters that are not related to rendering services to you or performing another contract, the personal data you provided are processed in order to handle a request or enquiry submitted.
The basis of the processing in this case is a legitimate interest of the Controller (Art. 6 Para 1 point f of GDPR), which lies in carrying on a correspondence and handling requests and enquiries in relation to the business activities performed. The Controller can require that you provide the data necessary for request handling, in which case the provision of such data is mandatory for request handling.
- Contact by employees of the Contracting Party, Customer or a third party
In the case you contact us by telephone or e-mail in relation to a contract that your employer entered into or actions taken at the employer’s request prior to entering into a contract, we process the data thus obtained in order to perform the contract concluded and to take action at request prior to entering into a contract (legal basis in Art. 6 Para 1 point b of GDPR), and to pursue or defend against claims, which constitutes a legitimate interest of the Controller to protect its rights (the basis in Art. 6 Para 1 point f of GDPR).
If you contact us regarding a matter other than the contract entered into, for instance to obtain information about the events, conferences, training sessions held or statutory activities, we process your data in order to answer the question posed or to resolve the matter which you present. The basis for processing is a legitimate interest of the Controller that lies in answering the question posed or resolving the matter in connection with its business activities (legal basis in Art. 6 Para 1 point f of GDPR).
- Other bases for processing
Your data may also be processed for analytical and statistical purposes of gauging customer satisfaction, which is a legitimate interest of the Controller (legal basis in Art. 6 Para 1 point f of GDPR).
If you are a member of the bodies of the Controller, we process your data in order to exercise supervisory and control rights and obligations as imposed by legal codes and statutes (legal basis in Art. 6 Para 1 point c of GDPR), as well as for the proper functioning of the association on the basis of a legitimate interest pursued by the Controller (legal basis in Art. 6 Para 1 point f of GDPR), which is in this case the proper functioning of the association.
- Data sharing and outsourcing the data processing
We may share your personal data with the entities we use to process them, in particular the companies providing services for goods delivery (couriers), handling the processes necessary for notification sending, service providers providing advertising and marketing services, as well as for the settlement of fees due.
The Controller will also make your data available in situations when it is necessary due to an obligation incumbent on it.
The Controller may make your personal data available to transaction parties in transactions concluded through the Service. The entities to which the GDPR applies, having obtained portal users’ personal data from the Controller, are obligated to discharge any and all obligations resulting from the GDPR and other legal provisions towards these users, including ensuring the exercise of the rights vested under the GDPR.
The Controller can share the data stored in cookies with Trusted Partners in order to better assess the attractiveness of advertising and services to improve the overall quality and effectiveness of services provided by the said entities. The sharing of data stored in cookies is subject to the User’s consent. The recipient of the information stored in cookies is the hosting provider operating the web portal.
- Data transfer to third countries or international organisations
The Controller may entrust the processing of personal data to a third country, namely outside the European Economic Area, and transfer the data to external entities cooperating with the Controller and acting on its behalf for the purposes described above.
Your personal data may be transferred outside the European Economic Area to:
- Alphabet Inc. with its seat in San Bruno, California in the United States, being the owner of an internet service available at the following address: www.youtube.com and having ties to Google LLC with its seat in Mountain View, California in the United States in relation to using the above portal and making available the recordings of the events, conferences, and webinars held,
- Linkedin Corp. based in Mountain View (California) in the United States in connection with the publication of information on the website www.linkedin.com by the Administrator.
The Controller may also store your personal data in a location that is subject to a different jurisdiction than your place of residence or registered office.
In addition, some of our Trusted Partners may store service user data outside the EEA (European Economic Area).
Data is transferred outside the EEA, e.g. to the US, only if the processor in question ensures a relevant degree of data security and protection, e.g. following the European Commission decision of 12 July 2016 known as Privacy Shield. This means that your data cannot be transferred except to such processors that uphold the principles laid down by the United States Department of Commerce as part of EU-US Privacy Shield Framework, which regulate personal data collection, use, and storage with regard to data from European Union Member States. Such data transfer only transpires when the data-receiving processor has entered into a contract containing the standard contractual clauses requiring a relevant degree of personal data protection.
DATA RETENTION DURATION
The period for which we may process your personal data depends on the legal basis constituting the legal prerequisite for personal data processing by the Controller. We will never process personal data for a period longer than the above-mentioned legal basis. Accordingly, we inform you that:
- where the Controller processes personal data on the basis of consent, the processing period lasts until your withdrawal of this consent;
- where the Controller processes your personal data collected on the basis of your request to take action by the Controller prior to entering into a contract or other specific action, the processing period lasts for the time necessary to take the action at your request;
- where the Controller processes personal data when it is necessary for the contract performance, the processing period lasts until the possibilitý of either party asserting a claiḿ related to the contract ceases;
- where the Controller processes personal data on the basis of a legitimate interest of the controller, the processing period lasts until the said interest ceases to exist (e.g. the limitation period for civil law claims) or until the moment when the data subject objects to further such processing – in the situations when such an objection is possible under the legal regulations;
- where the Controller processes personal data because it is necessary by virtue of the applicable legal regulations, the periods of data processing for this purpose are determined by these regulations.
We inform you that you have:
- the right of access to your data and of obtaining its copy;
- the right to rectification (correction) of your data;
- the right to erasure;
If, in your opinion, there is no basis for us to process your data, you can request that we delete them.
- the right to restriction of data processing;
You may request that we restrict the processing of your personal data solely to storing them or carrying out activities agreed with you, if in your opinion we have incorrect data about you or are processing it with no legal basis; or you do not want us to erase it because you need it to establish, pursue, or defend legal claims; or for the duration of an objection you have submitted against data processing.
- the right to object to the processing;
The “marketing” objection. You have the right to object to the processing of your data for direct marketing purposes. If you exercise this right – we will cease to process your data for this purpose.
Objection on the grounds of a special situation. You have the right to object to the processing of your data on the basis of a legitimate interest for purposes other than direct marketing, and also if the processing is necessary for us to perform a task carried out in the public interest or for the exercise of official authority entrusted to us. You should then indicate to us your particular situation which, in your opinion, warrants our ceasing of the processing objected to. We will stop processing your data for these purposes unless we demonstrate that the basis for our processing of your data overrides your rights or that your data are necessary for us to establish, pursue, or defend legal claims.
- the right to data portability;
You have the right to receive from us, in a structured, commonly used machine-readable format (e.g. the csv format), the personal data concerning you that you have provided to us on the basis of a contract or your consent. You may also instruct us to send this data directly to another entity.
- the right to lodge a complaint with a supervisory authority;
If you consider our processing of your data unlawful, you may lodge a complaint regarding this issue with the President of the Personal Data Protection Office in Poland.
- the right to withdraw your consent for personal data processing.
You have the right to withdraw your consent to the processing of the personal data that we process on the basis of your consent at any time. The withdrawal of consent will not affect the lawfulness of the processing that was carried out on the basis of your consent before its withdrawal.
Should you wish to exercise the above rights, please contact us personally via traditional or electronic mail using the following details:
Polski Klaster Cyberbezpieczeństwa CyberMadeInPoland with its seat in Kraków, ul. Wilhelma Feldmana 4/9-10, 31-130 Kraków, KRS number: 0000854192 NIP: 6762583919 REGON: 386754317
(Monday–Friday from 9 am to 5 pm).
PERSONAL DATA SUBMISSION ON A VOLUNTARY BASIS
The provision of data in connection with handling a request and a submitted enquiry by telephone, post or e-mail correspondence is necessary for the handling of the question, for answering it, and for the resolution of the matter, with failure to provide such data resulting in the impossibility of sending a response or settling the matter.
When you contact us to ask a question or indicate a matter to be settled, providing your data to enable us to contact you back is voluntary, but necessary to answer the question or resolve the matter presented.
Providing the data which is indicated as mandatory in the contact form is necessary for the handling of the question and the reply to the question, with failing to provide them making it impossible to send the enquiry.
Providing data in relation to entering into, delivery, and performance of a contract is voluntary, but necessary for the proper service rendering and contract performance. The consequence of failing to provide such data will be the inability to enter into a contract with the Controller.
We may also require that you provide data if it is necessary for discharging the legal obligations incumbent on us. In that case, the provision of data is mandatory.
Provision of data necessary to send commercial information on products and services, promotions and offers is voluntary, but necessary to send such information. Failure to provide such data makes it impossible to send commercial information on products and services, promotions and offers.
The information we collect in relation to the use of our Services shall not be processed in an automated manner (including in the form of profiling). We do not engage in profiling activities for marketing purposes, i.e. adjusting the marketing offer to User’s preferences.
Our Partners may not use targeting and profiling, in other words automated processing of personal data, which consists in such actions as using personal data to analyse or forecast personal preferences, interests, locations, behaviour.
Online service www.ik.org.pl uses cookie files to ensure top quality experience related to service use.
A cookie file is a small set of text strings sent by a server and saved on the device of a person who visits our Service (most frequently a PC permanent storage or in a mobile device). Information that is stored inside it is what the Service might need to self-modify to the ways in which the visitor uses the Service and to collect statistical data concerning it.
During the time in which Users view the Service content, information is automatically collected on the Service use by Users and on their IP addresses on the basis of access log analysis, e.g. the browser type, operating system type, data and time of the visit, number of connections, number of opened sites in the Service, content viewed.
No information that constitutes Service Users’ personal data is stored in cookies. Cookies are not used to determine User identity.
Within the Service, two basic types of cookie files are in use: session cookies and persistent cookies.
“Session” cookies are temporary files that are stored on the User’s end device until such time as the User logs out, leaves the website or turns software (internet browser) off.
“Persistent” cookies are stored on the User’s end device for a time specified in cookie parameters or until their removal by User.
Apart from cookies, the Service can also collect the data customarily gathered by online system administrators as part of so-called logs or log files. Information the logs contain can include: the IP address, platform type, internet browser type.
Cookies are used in the Service with the User’s consent.
Consent for cookie use
Saving cookie files on Users’ end devices is entirely at the User’s discretion. This means that when you consent to storing cookies, these files can be temporarily stored in the drive space dedicated for this purpose and read by their provider. Meeting the purposes given below is also warranted by the Controller’s legitimate interest that lies in ensuring access to the Service and service rendering of the highest possible quality (Art. 6 Para 1 point f of GDPR).
Cookie files are used for statistical purposes, to present and personalise Service content, to manage online forms, to modify Service content to suit a particular User’s preferences, to ensure correct functioning and functionalities of the Service, to conduct marketing of our products and services.
Cookies are also used for functional, content personalisation, statistical, analytical, and marketing purposes.
The basis for collecting information on Service Users is Controller’s legitimate interest, which lies in marketing its products and services, conducting statistical analyses and analytical work, ensuring the highest level of services rendered.
As a rule, cookie files do not constitute personal data. Certain information stored inside cookies (e.g. regarding preferences), however, especially in conjunction with other information on a website user can be treated as personal data. Personal data collected by means of cookies can be processed solely in order to execute particular functions for the user, as described above. Such data are encrypted in a way that precludes unauthorised persons from accessing them.
While using our websites, you may receive cookies coming from third parties that are partnering with Controller, such as Google, Facebook, Twitter, and from the companies which carry out advertising campaigns on our websites as commissioned by advertisers. More information on such cookies can be found on the websites maintained by the individual third parties.
Changing cookie settings
As a rule, internet browsers and other types of software installed on a computer or another device which has been connected to the network allow cookie files to be stored on such a device by default. As a result, they enable collecting information about persons who visit the Service. However, by changing internet browser settings Service User can modify or revoke the consent previously given to use the cookie technology at any time. The above means that Service User can for example partly reduce saving cookie files on the device or disable this option completely. Controller informs, however, that reducing or disabling cookie use may influence certain functionalities available on Service websites.
Detailed information on changing cookie file settings and their user-controlled removal across the most popular internet browsers is available in internet browser help settings and on the following pages:
- in the Firefox browser,
- in the Internet Explorer browser,
- in the Opera browser,
- in the Safari browser.
We inform you within the Service the links which allow Users to reach other websites directly may be present. Controller cannot affect privacy and cookie use policies pursued by the administrators of the said websites. We recommend that each User peruse the privacy and cookie use policy document before availing of the resources offered by other websites, if it has been made available, and should it be lacking, that he or she contact the person or persons responsible for a particular website to glean information on this topic.