1. Who we are and how to find us
Our name is Architektura Informatyka Michał Rączka, 5472132941, Józefa Sarego, nr 18, lok. 5, 31-047 Kraków. You can also contact us via e-mail at: firstname.lastname@example.org
2. How and why we process your personal data
We process your personal data in order to perform a contract with you (after all, using our Website is nothing more than using services provided by us electronically, such as the service of accessing the content of our Website) and under consumer legislation.
The legal basis for the processing of your personal data is therefore Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract) and Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation incumbent on the controller).
In addition, the legal basis for our processing of your personal data is Article 6(1)(f) of the GDPR (processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child). This legitimate interest is to ensure that, in the event of a dispute with you, we are able to prove the content of the contract between us and that we have performed it properly.
With your separate consent, we may also process your personal data for marketing purposes (i.e. to invite you by email to take advantage of promotions organised, partner’s commercial offer and to send you other marketing information). The legal basis for processing your personal data for these purposes is therefore Article 6(1)(a) of the GDPR (the data subject has consented to the processing of his/her personal data for one or more specified purposes).
In addition, we process user data that characterizes how you use our Website (this is known as usage data). This processing involves the automatic reading of a unique identifier that identifies the telecommunications network termination point or the ICT system you are using (i.e. your IP address), as well as the date and time of the server, information about the technical parameters of the software and the device you are using (e.g. whether you are using the Website via a laptop or a phone), and the location from which you connect to our server. We may use this information for statistical purposes and to improve the operation of the Website. The data stored in server logs are not associated with particular users of the Website. The server logs constitute only auxiliary material for the administration of the Website.
The legal basis for the operation of exploitation data processing is Article 6(1)(f) of the GDPR
(processing is necessary for the purposes arising from the legitimate interests pursued by the controller). This legitimate interest is to enable the diagnosis of Website errors and to improve its quality.
Cookies allow us to:
• ensure the proper functioning of the Website ,
• Improve the speed and security of Website usage,
• use analytical tools.
Here too, the legal basis for our action is Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller). This legitimate interest is the better performance of the Website .
Cookies can be divided into own and third party.
Own cookies - we use them to improve the performance of the Website .
3. What personal data we process
We will always endeavour to process only the personal data that are necessary and to the minimum extent necessary and may process the following personal data about you:
• email address,
• phone number,
• IP address,
• server date and time,
• the location of the end device from which the user connects to the Website ,
• technical parameters of the device and software used by the user.
4. To whom we disclose your personal information
We disclose your personal data to the required extent to state administration bodies, authorized to do so by law (such as tax authorities).
Your personal data is processed in an IT system, some of which is located in the so-called public computing cloud provided by third parties. We have guaranteed in our contracts with these entities that they will not be transferred to so-called third countries (outside the European Economic Area), where the GDPR does not apply.
You also need to know that in our business we use the support of specialized third parties who may or must have access to some of your data - these are entities that provide us with services in the field of:
− accounting services,
− IT system support,
− Internet payment processing.
In addition, if you use certain features of the Website , your information may be transferred to our business partner, who will provide you with a service that you order from them and for the performance of which it will be necessary for you to provide your personal information, which will be transferred in this way.
We have ensured in the relevant agreements with these entities that the data entrusted to them is to be protected in accordance with the GDPR and will not be transferred to third countries.
5. How long we will process your data
If you are our customer using the paid functions of the Website , we will process your personal data only for as long as it is necessary for tax purposes, i.e. in accordance with the currently applicable provisions of Polish law - for 5 years after the tax obligation arises. You are probably well aware that five tax years can mean six and sometimes almost seven calendar years.
Moreover, if we cooperate with you on a regular basis (e.g. by maintaining an account in the Website for you), then of course we will process your data, necessary for this purpose, for the entire period of cooperation, i.e. maintenance of the account in the Website.
Also, if you are entitled to any rights under the law or a contract (e.g. under a complaint), we will need to process your personal data for the entire period of their duration in order to be able to provide you with assistance in this regard if necessary.
The processing of your data based on your consent, as a legal prerequisite, continues until you withdraw your consent.
6. How we enable you to exercise your rights
We make every effort to ensure that you are happy with your relationship with us. However, please remember that you have a number of rights that will allow you to influence how we process your personal data and, in some cases, cause us to stop such processing. These rights are:
- the right of access to your personal data (governed by Article 15 of the GDPR)
Article 15 - Data subject's right of access
The data subject shall be entitled to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, shall be entitled to obtain access thereto and the following information:
(a) purposes of processing;
(b) the categories of personal data involved;
(c) information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(d) where possible, the intended period for which the personal data will be stored and, where this is not possible, the criteria for determining that period;
(e) information on the right to request from the controller the rectification, erasure or restriction of the processing of personal data concerning the data subject, and to object to such processing;
(f) information about the right to lodge a complaint with the supervisory authority;
(g) if the personal data was not collected from the data subject, any available information about its source;
(h) information on automated decision-making, including profiling as referred to in Article 22(1) and (4), and, at least in those cases, relevant information on the modalities of such decision-making as well as on the significance and envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or an international organisation, the data subject shall have the right to be informed of the appropriate safeguards referred to in Article 46 relating to the transfer.
The controller shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject requests a copy by electronic means and unless otherwise indicated, the information shall be provided by commonly used electronic means.
The right to obtain a copy as referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
- The right to data rectification (regulated in Article 16 GDPR) Article 16 - Right of rectification
The data subject shall have the right to request from the controller the immediate rectification of personal data concerning him or her which are inaccurate. Having regard to the purposes of the processing, the data subject shall have the right to request that incomplete personal data be completed, including by means of a supplementary declaration.
- The right to erasure of data (regulated in Article 17 GDPR) Article 17 - Right to erasure ("right to be forgotten")
The data subject shall have the right to request from the controller the immediate erasure of personal data concerning him or her, and the controller shall be obliged to erase the personal data without undue delay if one of the following circumstances applies:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(b) the data subject has withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing;
(c) the data subject objects pursuant to Article 21(1) to the processing and there are no overriding legitimate grounds for the processing or the data subject objects pursuant to Article 21(2) to the processing;
(d) the personal data were unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the controller is subject;
(f) the personal data was collected in connection with the offering of information society services referred to in Article 8(1).
Where a controller has made personal data public and is required under paragraph (1) to erase that personal data, the controller shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers processing that personal data that the data subject requests that those controllers erase any links to, copies of, or replications of that personal data.
Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary:
(a) To exercise the right to freedom of expression and information;
(b) to comply with a legal obligation requiring the processing under Union law or the law of a Member State to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) on grounds of public interest relating to public health in accordance with Article 9(2)(h) and
(i) and Article 9(3);
(d) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to prevent or seriously impede the purposes of such processing; or
(e) to establish, assert or defend claims.
- The right to restrict processing (regulated in Article 18 of the GDPR)
Article 18 - Right to restrict processing
The data subject shall have the right to request the controller to restrict processing in the following cases:
(a) the data subject challenges the accuracy of the personal data - for a period allowing the controller to verify the accuracy of the data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data, requesting instead that the processing be restricted;
(c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of claims;
(d) the data subject has raised an objection under Article 21(1) to the processing - until such time as it is established whether the legitimate grounds on the part of the controller override the grounds for the data subject's objection.
Where processing has been restricted pursuant to paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the establishment, exercise or defence of claims or for the protection of the rights of another natural or legal person or for important grounds of public interest of the Union or of a Member State.
Before lifting a restriction on processing, the controller shall inform the data subject who requested the restriction under paragraph 1.
- The right to object to the processing (regulated in Article 21 GDPR) Article 21 - Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her based on Article 6(1)(e) or (f), including profiling pursuant to those provisions. The controller shall no longer be permitted to process those personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
Where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
If the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
At the latest on the occasion of the first communication with the data subject, the data subject shall be clearly informed of the right referred to in paragraphs 1 and 2 and shall be presented clearly and separately from any other information.
In relation to the use of information society services and without prejudice to Directive 2002/58/EC, the data subject may exercise the right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), the data subject shall have the right to object - on grounds relating to his or her particular situation - to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.
- The right to data portability (regulated in Article 20 GDPR)
Article 20 - Right to data portability
The data subject shall have the right to receive, in a structured, commonly used machine- readable format, the personal data concerning him or her which he or she has provided to the controller, and shall have the right to transmit such personal data to another controller without hindrance from the controller to whom the personal data was provided, if:
(a) processing is based on consent pursuant to Articles 6(1)(a) or 9(2)(a) or on contract pursuant to Article 6(1)(b); and
(b) the processing is carried out by automated means.
In exercising the right to data portability under paragraph 1, the data subject shall have the right to require that the personal data be sent by the controller directly to another controller insofar as this is technically possible.
The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
To exercise any of the rights described, please contact us by e-mail at email@example.com
7. Complaint to the supervisory authority
Pursuant to Article 77 of GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged infringement took place, if you believe that the processing of personal data concerning you violates the provisions of GDPR. In Poland, the supervisory authority is the President of the Office for Personal Data Protection - you can lodge a complaint, among others, by post to Stawki 2 Street, 00-913 Warsaw or by email to firstname.lastname@example.org, you can also obtain more detailed information (including current telephone numbers) on the website: https://uodo.gov.pl/
8. Is the provision of data necessary to conclude a contract with us?
We collect your personal data primarily to the extent necessary to enter into and perform a contract. Part of the data is also necessary for us to fulfil our legal obligations (tax regulations, accounting regulations, pro-consumer obligations). Failure to provide personal data by you will unfortunately prevent the conclusion and execution of the contract.
9. Where we got your personal data from?
10. Automated processing and profiling