I. GENERAL PROVISIONS
This document has been prepared out of concern for the privacy of Users of the Website and services provided by iGDPR sp. z o.o. with its registered office in Warsaw (hereinafter: “iGDPR” or “Controller”).
This document applies only to the Website administrated by iGDPR Sp. z o.o. with its registered office in Warsaw iGDPR shall not be held liable for links placed on the Website allowing the Users to directly access websites administrated other entities.
Capitalized terms should be understood in accordance with the following definitions:
a) “Account” – an area made available to the User, which allows the use of functionalities of the iGDPR Website. An Account is created after Registration. Within an Account, User data are collected.
b) “Operator” – IGDPR sp. z o.o. with its registered office in Warsaw, at 18 Twarda Street (00-105 Warsaw) entered into the Register of Entrepreneurs of the National Court Register under the KRS number 0000911811, NIP: 5252870967.
d) “Registration” – the procedure of creating an Account consisting of the completion and approval of the Registration form in accordance with the instructions provided by the Operator.
e) “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
f) “Website” – the website operated by the iGDPR.
g) iGDPR Software – the software made available for use by the iGDPR under the Agreement.
h) “iGDPR Website” – the Website available at www.igdpr.eu and the iGDPR Service.
i) “Agreement” – an agreement concluded by the Controller with the User, concerning the provision of a Service, the terms of which are set out in the iGDPR Rules available at https://www.igdpr.eu/regulamin.
j) “DPA” – an agreement regulating the principles of personal data processing by the Operator on behalf of its Customers.
k) “Service” – the electronically provided service referred to in the iGDPR Rules.
l) “User” – a natural person who uses the iGDPR Website.
III. CONTROLLER OF PERSONAL DATA
The Controller of the Users’ personal data is iGDPR sp. z o.o. with its registered office in Warsaw at Twarda 18 Street (00-105 Warsaw) entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000911811, NIP: 5252870967 (hereinafter: “iGDPR” or “Controller”).
iGDPR processes personal data in accordance with applicable laws, including GDPR. (hereinafter: “GDPR”).
IV. COLLECTION OF PERSONAL DATA
iGDPR may collect User data when using the Website and the iGDPR Website.
Gaining full access to the content and Services offered through the iGDPR Website requires Registration and creation of an Account. During the Registration process, the User is asked to provide data necessary to provide access to the content or performance of the Services and to provide additional data, if any, that is not necessary for the Registration.
Providing personal data is voluntary, but failure to provide certain data may prevent Registration or use of certain Services.
Providing personal data is voluntary, but failure to provide certain data may prevent Registration or use of certain Services. iGDPR also collects information on User interaction with the Website, content and services, including: device and login information, date, time of visit and IP number of the device from which the connection was made, data on viewing statistics of the Website, traffic to and from particular websites, number of clicks, time spent on particular websites, type and version of the operating system, data on device location. The above activities are aimed at providing online services, improving the Website and adjusting them to the User’s needs.
iGDPR may also receive personal data from payment operators, i.e. entities that enable the User to make online payments for the purchased Services. The iGDPR will then receive information about the status of payment for the Service.
iGDPR may also process other personal data provided by the User, insofar as it is necessary for the performance of concluded agreements and the provision of Services, contact and response to requests or inquiries.
V. PURPOSES AND LEGAL BASIS OF DATA PROCESSING
iGDPR may process your personal data using the following legal bases described in the GDPR.
The User may be asked to consent to the processing of personal data, or provide his/her personal data independently and voluntarily (e.g. by filling in an optional form field). In this case, the legal basis for processing is Article 6 (1)(a) of the GDPR. The expression of consent is always voluntary. Consent can be withdrawn at any time. However, the withdrawal of consent does not affect the legality of data processing before its withdrawal.
2. Performance of the Agreement
The legal basis for the processing of the User’s personal data may also be the need to perform the Agreement or other agreements concluded with the User, on the basis of which the User gains access to the Website and uses the Services. In that case, the personal data necessary for the performance of the Services are processed pursuant to Article 6 (1)(b) of the GDPR.
3. Legal obligation
Personal data may also be processed on the basis of Article 6 6(1)(c) of the RODO, due to the need to comply with legal obligations. This includes situations in which personal data must be processed, e.g. resulting from issued invoices for billing and tax purposes.
4. Legitimate interest
iGDPR may process data on the basis of Article 6 6(1)(f) of the GDPR when this is necessary for the purposes arising from the legally justified interests pursued by the iGDPR or by third parties.
Based on its legitimate interest, iGDPR processes Users’ data for marketing purposes, including profiling and display of personalized offers, advertisements and other services on the Website and on the Internet. The legitimate interest is to tailor marketing content to the Users’ interests.
On the same basis, iGDPR processes data to conduct analytics, market and opinion research, including research and analysis of traffic on the iGDPR Website. The legitimate interest is to improve the content and services of iGDPR.
iGDPR may also process personal data for the purposes of asserting rights and defending against claims, for evidence and for archival purposes. The interest of iGDPR in this case is the need to protect its own rights.
In order to ensure the security of the provided services and IT systems, session security and to detect abuses on the Website, based on the legitimate interest, the User’s data, in particular system logs, may also be processed.
As part of its legitimate interest, GDPR also provides features offered by social networks on its websites (e.g. “Like” buttons) and transfers selected User data to the operators of these sites. Legitimate interest in this case is increasing attractiveness of iGDPR Website.
VI. DATA SHARING
iGDPR provides access to Users’ personal data when it has a legal basis to do so, as well as at the request of authorized entities, or when it is necessary to perform the Service
Personal data can be made available at the request of public authorities or other entities authorized to such access by law, in particular when it is necessary to ensure the security of iGDPR systems or the rights of other Users.
Access to personal data may be obtained by entities whose services are used by iGDPR to provide the Service, including IT service providers, entities providing analytical services and opinion polls on the Internet, entities performing mailing campaigns, advertising agencies. In such cases, iGDPR has entered into appropriate agreements with these entities, the object of which is to protect personal data against unauthorized access.
Access to personal data have also authorized employees and associates of iGDPR. They have access to personal data in connection with the performance of their official duties.
Personal data may also be shared with data recipients who are independent controllers of personal data, including banks, law firms, courier firms.
iGDPR may use the services of entities that process personal data entrusted to them outside the European Economic Area. In such cases, personal data may be stored in countries that provide an adequate level of protection of personal data, or in countries that do not provide such a level. iGDPR secures personal data by entering into agreements with service providers containing the so-called Standard Contractual Clauses accepted by the European Commission, which provide a guarantee of adequate protection of Users’ data in third countries.
VII. USER RIGHTS
In connection with the processing of personal data, the User has the following rights:
1. The right to access their personal data and to receive a copy of their personal data.
2. The right to demand the rectification of his personal data, if the personal data is incorrect or incomplete. The user can also correct his personal data after logging in to the Account.
3. The right to request the deletion of personal data, e.g. in case when personal data is no longer necessary for iGDPR to carry out the purpose for which it was collected.
4. The right to request restriction of personal data processing.
5. The right to request the transfer of personal data, e.g. data processed on the basis of consent.
6. The right to withdraw consent to the processing of personal data.
7. The right to lodge a complaint to the President of the Office for Personal Data Protection regarding the processing of personal data by iGDPR.
8. The right to object to the processing of personal data. By applying the right to object, the User may request that iGDPR cease processing his/her personal data due to his/her particular situation when:
i. iGDPR processes the User’s personal data on the basis of its legitimate interest, except where the interests of iGDPR prove to be superior to the interests, rights and freedoms of the User;
ii. the User’s personal data are processed for direct marketing purposes.
VIII. RETENTION PERIOD FOR PERSONAL DATA
Users’ personal data is stored for the time necessary to fulfill the purposes for which the data was collected. Personal data may be stored longer if such an obligation arises under the law or it is necessary for the defense against claims, administrative liability, criminal liability or the assertion of claims by iGDPR.
If the personal data are processed for the performance of a contract, the personal data will be processed for the duration of the performance of the contract and until the expiration of the statute of limitations for claims under that contract.
Data processed on the basis of consent, shall be processed until that consent is withdrawn. If the basis is the legitimate interest of the controller, the data are processed until the User makes an effective objection.
The Website uses automatic data storage mechanisms (mechanism type: “cookies”, “Local Storage”, “Session Storage”). They are used in order to better adapt the Website to the needs of Users. These are text files saved on the User’s end device, used to identify the User’s browser. Due to the aforementioned files iGDPR obtains statistical information on User traffic, User preferences and activity, and usage of the Website. Files allow to customize content and Services to User preferences. No information is collected through the files which enables direct identification of User, such as name and surname, residential address, e-mail address or telephone number.
Most of the files (so-called session files) are automatically deleted from the hard drive after the session ends (i.e. after logging out or closing the browser window). Some of the files allow for recognition of the User’s end device during repeated visits to the Website – they are not deleted automatically, they are saved on the end device.
iGDPR also uses Local Storage and Session Storage technologies. This technology is similar in principle to cookies. It is a separate part of the browser’s memory that allows web applications to store data locally. The data in Local Storage is stored for a long time by the browser, and is not deleted when the browser is closed. They also have no expiry date. The data stored in Session Storage is deleted when you close your browser. The User can delete the data stored in the Local or Session Storage at any time.
2. Purposes of using “cookies”.
iGDPR uses “cookies” for the following purposes:
a) to authenticate the User and to allow logging into the User’s account;
b) to adjust services to Users’ preferences by storing information on language and communication preferences of Users;
c) to conduct analyses and research on the efficiency of the Website and ways of using the Website by Users;
d) to ensure safety of the Website by preventing abuse and data leaks;
e) to conduct marketing activities and transfer to Users advertisements adjusted to their preferences on the Website and in the Internet.
4. Social network services
5. Management of “cookies”
The User can, at any time, disable the acceptance of cookies in his browser, however, the effect of such a change may be difficulties in the operation of services provided through the Website. The stored cookies can also be deleted by the User by using proper functions of the Internet browser, programs serving this purpose or tools available within the operating system used by the User.
Failure to make changes in the settings of the browser used in the management of “cookies” will result in “cookies” being placed automatically in the User’s terminal equipment. If the User does not make any changes in the browser’s settings resulting in disabling cookies and using the Website at the same time, it means that the User consents to placing and reading cookies and using similar technologies by iGDPR according to the principles described in this Policy.
Due to the variety of available browsers and applications used to operate websites, management of “cookies” in different browsers looks different, so before using the Website we recommend that you familiarize yourself with how to manage privacy / security features:
• Internet Explorer
X. TECHNICAL AND ORGANIZATIONAL MEASURES TO PROTECT DATA
iGDPR processes personal data using appropriate security measures, both organisational and technical. In particular, iGDPR secures personal data against unauthorized access, use or disclosure.
XI. PRINCIPLES OF OUTSOURCING THE PROCESSING OF PERSONAL DATA
Providing Services through the iGDPR Website requires the processing by iGDPR of personal data, for which the controllers of personal data remain individual clients (i.e. directly the Users, or entrepreneurs on behalf of whom the Users act).
In connection with the above, conclusion of the Agreement means at the same time conclusion of the Agreement for entrusting the processing of personal data, the content of which is available HERE.