By visiting our website: www.kontomatik.com (hereinafter referred to as: “Website”), you entrust your personal data to controllers which are jointly:
Kontomatik sp. z o.o. with its registered office in Warsaw at Prosta 51 Street, 00-838 Warsaw, entered into Register of Entrepreneurs maintained by the District Court for Warsaw in Warsaw, XII Commercial Division of the National Court Register, under number: 0000338706, identification number (NIP): 5213542911, statistical number (REGON): 142043500, holding share capital of PLN 250 000,00; and
Kontomatik UAB with its registered office in Vilnius at Upes 23, LT-08128 Lithuania, company code: 304852516 and VAT registration number: LT100011837810, holding share capital of EUR 10 000,00
- hereinafter referred to as: “Joint Controllers” or separately “Controller”.
We process your personal data for specific purposes, but always with care to protect your privacy. This Privacy and Cookies Policy (hereinafter referred to as: “Policy”) serves as an aid in understanding what data we collect and for what purpose we use it.
The information set out in this document is very important to you, because it refers to the processing of your personal data, especially regarding the content of provisions on the protection of personal data, including Regulation of the European Parliament and of the Council (EU) 2016/679 of 27/04/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and the repeal of Directive 95/46/EC (General Regulation on the Protection of Personal Data), hereinafter referred to as: "GDPR".
For this reason, in this Policy we inform you about the legal basis for processing of your personal data on our Website and among others about collection and usage of such data as well as about your rights as a data subject associated with it.
We recommend you to read this document with care.
Personal data consists of information about an identified or identifiable natural person (data subject), which can be identified, directly or indirectly, in particular by reference to an identifier such as name or especially an online identifier. The processing of personal data is considered to be every action taken on personal data, irrespective of whether it is done in an automated manner or not, e.g. collecting, storing, fixing, ordering, modifying, browsing, using, sharing, limiting, deleting or destroying.
Following document applies every time we process your personal data as Joint Controllers. We process your personal data set out in this Policy for various purposes and with the use of various collection methods described in separate sections below. Legal basis for the processing of your personal data, usage of your personal data, disclosure and retention periods are always determined in relation to the purpose and the scope of processed personal data.
ESSENCE OF THE ARRANGEMENT BETWEEN JOINT CONTROLLERS
Joint Controllers of your personal data are Kontomatik sp. z o.o. and Kontomatik UAB.
We have designated Kontomatik sp. z o.o. as a contact point for the data subjects, therefore you have the right to contact us by sending a message on the following e-mail address: email@example.com in case of any confusion regarding the processing of your personal data by us.
We protect your privacy, which is why we have also appointed a person dealing with the protection of personal data - Data Protection Officer, with whom you may contact via email (firstname.lastname@example.org) in any matter regarding the processing of your personal data by us, especially in the case of exercising your rights as a data subject.
CATEGORIES OF INDIVIDUALS WHOSE DATA MIGHT BE COLLECTED (DATA SUBJECTS):
The personal data processing on this site applies to:
- obtain information about our offer;
- share suggestions about our services or products;
- conclude a contract.
PURPOSE, SCOPE AND THE LEGAL BASIS OF PROCESSING PERSONAL DATA
Individuals visiting our Website or using the services provided via Website electronically, always have control over the personal data which they provide to us. In other words, our site restricts the collection and use of information about the users to the necessary minimum, required to provide the services at the desired level, pursuant to Article 18 of the Act of 18 July 2002 on the provision of electronic services, particularly:
The purpose and the legal basis of collecting personal data
We process (including automatic processing) your personal data for the following purposes, in order to:
- present you with a commercial offer in the event of a request for an offer,
- consideration of a complaint if it is submitted,
- other, depending on the content of the message sent.
(For this purpose, we process your personal data on the basis of our legitimate interest (Article 6 (1)(f) of GDPR), consisting in handling submitted questions)
Additionally, we ask you not to provide information considered as special categories of personal data (such as information on race or ethnicity, political views, religious or philosophical beliefs, trade union membership, information about physical or mental health, genetic data, data biometrics, information about sexual life or sexual orientation and the criminal past). If you provide such information for any reason, we declare that as the Joint Controllers in order to ensure the transparency of data processing for a specific purpose, we will delete such content of the message
The scope of data processed on the Website, depending on the purpose for which the data is processed, concern:
contact form, email and phone contact (intended for clients and potential clients) in the scope of:
- IP address;
- data of the device and the type of browser used;
- demographic data.
We can also process your personal data in so-called system logs - IP address, domain. This data is used to generate statistics that help to manage our Website. Logs are not disclosed to third parties, subject to the possibility of sharing information about the IP number, user data of the site at the request of the right authorized entities on applicable law or state authorities in connection with their proceedings.
Profiling of personal data
The information that we collect in connection with the use of our online services / products available on the Website may be processed in an automated manner (including the form of profiling), however, it will not cause any legal effects to an individual or have any other significant effect. We profile to analyze or forecast personal preferences and interests of people using our site or products or services and matching content found on our site, and also for marketing purposes, i.e. matching the marketing offer to www. preferences.
Change of the processing purpose
We do not anticipate, but we cannot rule it out. We know for certain that if the purpose of processing your data changes, we will inform you about this situation so that you are aware and able to exercise your rights accordingly.
RECIPIENTS AND TRANSFER OF PERSONAL DATA
In connection with conducting business activity which requires processing, personal data are disclosed to third parties, including in particular vendors responsible for the operation of IT systems and hardware, entities providing legal or accounting services, couriers and marketing agencies, including our Trusted Partners.
Basically, we process your personal data within the European Economic Areas ("EEA"). In the event of your personal data being transferred outside of the EEA, you will be separately informed of this fact. Whenever your data will be transferred to a third country which does not ensure the level of personal data protection, we will provide that your personal data is handled in accordance with applicable requirements, such as:
As part of your rights to access to your personal data, you may request from us detailed information about the security used when your personal data are being transferred outside the EEA.
Our goal is to protect you against the negative consequences of processing your personal data. Therefore, we optimize storage time of your data collected via the Website. We concluded that:
What are cookies?
Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website (e.g. on the hard drive of the computer, laptop or on the smartphone's memory card - depending on which device the visitor uses our Website). That so-called cookie usually contains the name of the website it comes from, the "lifespan" of the cookie (that is, its lifetime), and the value that is usually accidentally generated unique number. Cookies contain information which can be considered as personal data which allow us to identify you as a data subject.
Cookies, due to the fact that they are used for various purposes, can be generally divided into following types:
Do we use third-party cookies?
We may use the services of suppliers who may also store cookies when you visit the Website. These cookies allow them to provide you with the services tailored based on your preferences. When you visit the Website, you may receive cookies from third parties - their websites or domains (e.g. from Google).
You can familiarize yourself with the complete list of our Trusted Partners and manage your cookies preferences in Appendix 1.
Google Analytics cookies are files used by Google to analyze how you use our Website, to create statistics and reports on the operation of the Website. Google does not use the collected data to identify you as a user or combine this information to enable identification. Detailed information on the scope and rules of collecting data in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners
Google Ads is a tool that allows you to measure the effectiveness of advertising campaigns carried out by us, allowing for the analysis of such data as e.g. keywords or the number of unique users. The Google Ads platform also allows our ads to be displayed to people who have visited our Website in the past. Information on the processing of data by Google in the scope of the above service is available at: https://policies.google.com/technologies/ads?hl=en
Social network plug-ins
On our Website, we use so-called social network plug-ins, which allow you to visit our profiles on selected social networks, such as LinkedIn, Twitter and YouTube. By clicking on those plug-ins, you will among others have an opportunity to share selected content on your profile on that social network. Using abovementioned plug-ins results in sharing your personal data with a given social network, which receives information about your use of the Website that can be assigned to your profile created in each social network. In this scope, controller of your personal data is controller of a given social network (e.g. Twitter). Detailed information about processing your personal data by these controllers can be found under the links below:
Can I control cookies or delete them?
In most browsers, the acceptance of cookies is set by default. By using our Website, you can choose the so-called cookies banner, whether to allow storage of cookies which are not necessary for the proper functioning of the Website on your end device. You can do it by choosing between “Accept” and “Manage cookies” buttons.
Clicking the "Accept" button allows you to accept and install cookies in accordance with the settings of the browser used (in the case of default settings, all cookies are installed).
By choosing the “Manage cookies” button, you will be transferred to the other website, where you can manage your cookies preferences by using cookie tool which allows you to consent or object to certain types of cookies. Moreover, on this side you can find specific information about the types of cookies we use (analytic and marketing ones) and our Trusted Partners.
When you don’t express an active and explicit consent to a given type of cookies, any analytic or marketing cookies won’t be installed on your end device.
Despite the above, you can always change the settings so that cookies are blocked or that you are alerted that they are sent to your devices. There are many ways to manage cookies. We ask you to refer to the instructions of your web browser or to display help to learn how to customize or change your browser settings. Here's how to do it on the most popular browsers:
- Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d#:~:text=To%20delete%20cookies&text=Select%20the%20Cookies%20and%20website,box%2C%20and%20then%20select%20Delete.
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop
- Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
- Safari: https://support.apple.com/kb/PH5042?locale=en-GB
As a data subject, with regards to your personal information, you have a number of rights under the GDPR provisions, which you can exercise by sending an email to our Data Protection Officer: email@example.com. It is important to let you know your rights in relation to the processing of your personal data:
Right to be informed
On this basis, we will provide you with information on data processing, including primarily the purposes and legal grounds for processing, the scope of data held, entities to which your data was disclosed, and the planned date of deletion of data.
Right of access the copy of data
On this basis, we will provide you a copy of your processed personal data.
Right to rectification
By receiving this kind of request, in some cases, we are obliged to remove any incompatibilities or errors of your personal data and supplement them if they are incomplete.
Right to be forgotten
On this basis, you can request the deletion of your personal data, processing of which is no longer necessary to achieve any of the purposes for which your data were collected.
Right to restrict processing
If such a request is made, we cease to carry out operations on your personal data – with the exception of operations to which you have consented, and to the storage of data in accordance with the adopted retention rules or until the reasons for limiting data processing cease to exist (e.g. a decision of the supervisory authority allowing further processing of data will be issued).
Right to data portability
On this basis - to the extent that data is processed in an automated manner in connection with the concluded contract or consent – we issue data provided by you, in a format that allows data to be read by a computer. It is also possible to request that the data be sent to another entity, however, if there are technical possibilities in this respect both on the part of the Joint Controllers and the indicated entity.
Right to object to the processing of data for marketing purposes
At any time, you can object to the processing of your personal data for marketing purposes, without the need to justify such an objection.
Right to object to other purposes of data processing
At any time, you may object - for reasons related to your special situation - to the processing of your personal data, which is based on the legitimate interest of the Joint Controllers (e.g. for analytical or statistical purposes or for reasons related with protection of the property); the opposition in this respect should include a justification.
Right to withdraw consent
If your data are processed on the basis of given consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal.
Right to complain to the Data Protection Authority
If it is considered that the processing of your personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, you may file a complaint to the body supervising the processing of personal data, competent for yours habitual residence, your place of employment or place where the alleged violation took place. In Poland, the supervisory authority is the President of the Personal Data Protection Office, with its office at Stawki 2 Street, 00-193 Warsaw.
PERSONAL DATA SECURITY
To ensure data integrity and confidentiality, we have implemented procedures making access to personal data possible only to authorized persons and only to the extent necessary for them to perform their tasks. We applied organizational and technical solutions to ensure that all the operations on personal data are recorded and performed only by authorized persons.
We do our best to protect users from unauthorized access, unauthorized modification, disclosure and destruction of your personal information held by us. In particular we:
In addition, we take any necessary actions so that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data on the Controller’s behalf.
We perform risk analysis on an ongoing basis and monitor the adequacy of applied data protection mechanisms to the identified threats. If necessary, we will implement additional measures to increase data security.
CHANGES TO THE POLICY
The Policy is verified on an ongoing basis and updated when needed. The present version of the Policy was adopted on 18.02.2022 and may be subject to change. Any changes to the Policy will be published on this Website.
INFORMATION OBLIGATION IN CONNECTION WITH THE PROCESSING OF PERSONAL DATA OF CUSTOMERS, FORMER CUSTOMERS OR POTENTIAL CUSTOMERS
Who is the Personal Data Controller?
The Controller of personal data of clients, former clients or potential clients is Kontomatik sp.z o.o. with its registered office in Warsaw (00-838) at Prosta 51.
The Controller can be contacted by email by writing to the following e-mail address: firstname.lastname@example.org or via traditional mail by sending correspondence to the following address: Kontomatik sp.z o.o., ul. Prosta 51, 00-838 Warsaw, with the annotation "Personal Data Protection".
Has a Data Protection Officer been appointed?
The protection of processed personal data is extremely important to us, which is why we have appointed a Data Protection Officer who can be contacted on the subject of personal data protection by email by writing to the following email address: email@example.com or via traditional mail by sending correspondence to the following address: Kontomatik sp. z o. o Prosta 51, 00-838 Warsaw, with the annotation "Personal Data Protection".
What are the purposes and legal grounds for the processing of personal data?
Personal data is processed by the Controller, in particular in order to present a commercial offer or in connection with conducted business talks, marketing activities, implementation of a signed contract for the provision of services or taking action at the request of the data subject, before concluding the contract, fulfilling the obligation resulting from the provision law, the need to retain the necessary information for the purposes of defending against or pursuing claims, responding to submitted letters and fulfilling requests resulting from the provisions of the GDPR.
Personal data is processed by the Controller primarily for the following purposes:
The processing of personal data by the Controller is based on:
How long are personal data stored (retention period)?
The period of storage of personal data depends on the purpose for which the data is processed. It results from legal provisions that require the storage of data for a specific period of time or is necessary for the performance of the contract or the protection of legitimate interests pursued by the Controller or by a third party.
Examples of periods during which personal data may be stored by the Controller:
Does the Controller provide personal data and to whom?
Personal data may only be made available when:
The Controller does not intend to transfer personal data to the so-called third countries (i.e. outside the European Economic Area). The Controller may, however, commission the performance of specific IT services or tasks to service providers established outside the European Economic Area (e.g. in the scope of data processed via the website). In this case, personal data is transferred on the basis of binding corporate rules or standard contractual clauses adopted by the European Commission and only to entities that have undertaken to comply with specific principles of personal data protection.
In order to obtain additional information on the transfer of data outside the EEA and to obtain a copy of the adopted protection measures, you can contact the Data Protection Officer.
What rights are there in relation to the processing of personal data?
Each person whose personal data is processed by the Controller has the right to:
If the processing is based on Art. 6 sec. 1 lit. a) GDPR, the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
More information on the rights of data subjects can be found here: Information clause on the rights of a natural person pursuant to the GDPR.
How can certain rights be exercised?
The demands resulting from Art. 15-22 of the GDPR can be brought to the Controller at any time.More information on the fulfillment of requests can be found here: Information clause about submission of a request to execute the rights pursuant to the GDPR.
Is the data subject to automated processing?
The information collected by the Controller may be processed in an automated manner (including in the form of profiling), however, it will not cause any legal consequences for a natural person or similarly significantly affect it. In order to carry out marketing activities, the Controller uses profiling in some cases. This means that thanks to automatic data processing, the Controller assesses selected factors of persons in order to analyze their behavior or create a forecast for the future.
Where is personal data collected from?
We obtain personal data mainly from the data subject. The Controller may, in justified cases, e.g. in order to confirm data or verify submitted declarations, obtain data, e.g. from the Register of Entrepreneurs of the National Court Register or the Central Register and Information on Economic Activity.