Privacy policy

PRIVACY AND COOKIES POLICY

PREAMBLE

By visiting our website: www.kontomatik.com (hereinafter referred to as: “Website”), you entrust your personal data to controllers which are jointly.

  • Kontomatik sp. z o.o. with its registered office in Warsaw at Prosta 51 Street, 00-838 Warsaw, entered into Register of Entrepreneurs maintained by the District Court for Warsaw in Warsaw, XII Commercial Division of the National Court Register, under number: 0000338706, identification number (NIP): 5213542911, statistical number (REGON): 142043500, holding share capital of PLN 250 000,00; and

  • Kontomatik UAB with its registered office in Vilnius at Upes 23, LT-08128 Lithuania, company code: 304852516 and VAT registration number: LT100011837810, holding share capital of EUR 10 000,00

- hereinafter referred to as: “Joint Controllers” or separately “Controller”.

We process your personal data for specific purposes, but always with care to protect your privacy. This Privacy and Cookies Policy (hereinafter referred to as: “Policy”) serves as an aid in understanding what data we collect and for what purpose we use it.

The information set out in this document is very important to you, because it refers to the processing of your personal data, especially regarding the content of provisions on the protection of personal data, including Regulation of the European Parliament and of the Council (EU) 2016/679 of 27/04/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and the repeal of Directive 95/46/EC (General Regulation on the Protection of Personal Data), hereinafter referred to as: "GDPR".

For this reason, in this Policy we inform you about the legal basis for processing of your personal data on our Website and among others about collection and usage of such data as well as about your rights as a data subject associated with it.

We recommend you to read this document with care.

GENERAL INFORMATION

Personal data consists of information about an identified or identifiable natural person (data subject), which can be identified, directly or indirectly, in particular by reference to an identifier such as name or especially an online identifier. The processing of personal data is considered to be every action taken on personal data, irrespective of whether it is done in an automated manner or not, e.g. collecting, storing, fixing, ordering, modifying, browsing, using, sharing, limiting, deleting or destroying.

Following document applies every time we process your personal data as Joint Controllers. We process your personal data set out in this Policy for various purposes and with the use of various collection methods described in separate sections below. Legal basis for the processing of your personal data, usage of your personal data, disclosure and retention periods are always determined in relation to the purpose and the scope of processed personal data.

ESSENCE OF THE ARRANGEMENT BETWEEN JOINT CONTROLLERS

Joint Controllers of your personal data are Kontomatik sp. z o.o. and Kontomatik UAB.

We have designated Kontomatik sp. z o.o. as a contact point for the data subjects, therefore you have the right to contact us by sending a message on the following e-mail address: [email protected] in case of any confusion regarding the processing of your personal data by us.

We protect your privacy, which is why we have also appointed a person dealing with the protection of personal data - Data Protection Officer, with whom you may contact via e-mail ([email protected]) in any matter regarding the processing of your personal data by us, especially in the case of exercising your rights as a data subject.

CATEGORIES OF INDIVIDUALS WHOSE DATA MIGHT BE COLLECTED (DATA SUBJECTS):

The personal data processing on this site applies to:

  • Website users – individuals visiting our Website to obtain information about the company and services, or products made available on the Website; and

  • clients or potential clients contacting us by a contact form in order to:obtain information about our offer, share suggestions about our services or products or conclude a contract.

PURPOSE, SCOPE AND THE LEGAL BASIS OF PROCESSING PERSONAL DATA

Individuals visiting our Website or using the services provided via Website electronically, always have control over the personal data which they provide to us. In other words, our site restricts the collection and use of information about the users to the necessary minimum, required to provide the services at the desired level, pursuant to Article 18 of the Act of 18 July 2002 on the provision of electronic services, particularly:

  • making the content of the Website available to the users;

  • analyzing server work problems;

  • preventing possible violations;

  • ensuring security of the Website;

  • analyzing Website visits statistics, including analyzing demographic data of users visiting the Website (information about the region and device from which the connection was made);

  • actions taken by us on your request (e.g. if you want to use a question form provided on our Website, you may be asked to provide a specific scope of personal data).

The purpose and the legal basis of collecting personal data

We process (including automatic processing) your personal data for the following purposes, in order to:

  • mmanage our Website properly and deliver the content of our Website – for this purpose we process your personal data, because it is necessary for performance of a contract (provide services by electronic means) on the basis of Article 6 (1)(b) of GDPR;

  • tailor the content of the Website to your needs and interests – for this purpose we use cookies and process your personal data on the basis of your given consent to install certain types of cookies on your end device (Article 6 (1)(a) of GDPR), which you can withdraw at any time;

  • enable you to contact us (via the contact form) and to give you a reliable answer depending on the content of the message, regarding: present you with a commercial offer in the event of a request for an offer, consideration of a complaint if it is submitted, other, depending on the content of the message sent.

For this purpose, we process your personal data on the basis of our legitimate interest (Article 6 (1)(f) of GDPR), consist in handling submitted question form.

  • request contact from a sales representative - for this purpose we process your personal data on the basis of our legitimate interest (Article 6 (1)(f) of GDPR), consist in handling potential offer;

  • analyze and prepare statistics related to your activity on the basis of our legitimate interest (Article 6 (1)(f) of GDPR), consist in conducting our business;

  • handle e-mail and traditional correspondence when we receive correspondence by e-mail or traditional mail, unconnected with the services provided for the sender or another agreement executed with them, the personal data relevant to the issue that the correspondence is about shall be processed only for the purpose of communicating and resolving the issue which is the subject of the correspondence – the legal basis for the processing is our legitimate interest (Article 6(1)(f) GDPR) to carry on correspondence sent to us in connection with our business activity;

  • handling phone contact when you contact us by telephone about issues unconnected with an executed agreement or provided services – the legal basis for the processing is our legitimate interest (Article 6(1)(f) GDPR) involving the need to resolve an issue connected with its business activity;

  • establishing, exercise or defense of potential legal claims – the legal basis for the processing is our legitimate interest (Article 6(1)(f) GDPR) to pursue or defend against legal claims.

Additionally, we ask you not to provide information considered as special categories of personal data via the contact form (such as information on race or ethnicity, political views, religious or philosophical beliefs, trade union membership, information about physical or mental health, genetic data, data biometrics, information about sexual life or sexual orientation and the criminal past). If you provide such information for any reason, we declare that as the Joint Controllers in order to ensure the transparency of data processing for a specific purpose, we will delete such content of the message, about which we will inform you to the sentenced e-mail address.

The scope of data processed on the Website, depending on the purpose for which the data is processed, concern:

  • contact form, e-mail and phone contact (intended for clients and potential clients) in the scope of:identification data (e.g. name and surname), contact details (e.g. telephone number, e-mail address), data resulting from the content being submitted.

  • website management (indicated for Website users), in the scope of:personal data resulting from cookies installed on your end device, among others: IP address, data of the device and the type of browser used, demographic data.

We can also process your personal data in so-called system logs - IP address, domain. This data is used to generate statistics that help to manage our Website. Logs are not disclosed to third parties, subject to the possibility of sharing information about the IP number, user data of the site at the request of the right authorized entities on applicable law or state authorities in connection with their proceedings.

Profiling of personal data

The information that we collect in connection with the use of our online services / products available on the Website may be processed in an automated manner (including the form of profiling), however, it will not cause any legal effects to an individual or have any other significant effect. We profile to analyze or forecast personal preferences and interests of people using our site or products or services and matching content found on our site, and also for marketing purposes, i.e. matching the marketing offer to www. preferences.

Change of the processing purpose

We do not anticipate, but we cannot rule it out. We know for certain that if the purpose of processing your data changes, we will inform you about this situation so that you are aware and able to exercise your rights accordingly.

PRECIPIENTS AND TRANSFER OF PERSONAL DATA

In connection with conducting business activity which requires processing, personal data are disclosed to third parties, including in particular vendors responsible for the operation of IT systems and hardware, entities providing legal or accounting services, couriers and marketing agencies, including our Trusted Partners

Basically, we process your personal data within the European Economic Areas ("EEA"). In the event of your personal data being transferred outside of the EEA, you will be separately informed of this fact.

Your personal data may be transferred to countries outside of the EEA (“third countries”) if the European Commission has decided that the country ensures an adequate level of protection, i.e. equivalent to those required under the GDPR (e.g. EU-US Privacy Shield). In that case, we will take appropriate measures, in compliance with applicable law, to ensure that your personal information remains protected.

Whenever your data will be transferred to a third country which does not ensure the level of personal data protection, we will provide that your personal data is handled in accordance with applicable requirements, such as:

  • binding corporate rules approved by the competent supervisory authority

  • consolidated contractual clauses, which are forwarded by the national supervisory authorities and approved by the European Commission;

  • approved code of conduct;

  • approved certification authorization or

  • based on the applicable supervisory recommendation.

As part of your rights to access your personal data, you may request from us detailed information about the security used when your personal data are being transferred outside the EEA.

PROCESSING TIME

Our goal is to protect you against the negative consequences of processing your personal data. Therefore, we optimize storage time of your data collected via the Website. We concluded that:

  • if the Joint Controllers process your personal data on the basis of given consent, the processing period lasts until the withdrawal of the consent or completion of the purpose for which they were collected;

  • if the Joint Controllers process your personal data on the basis of their legitimate interest, the processing period lasts until the termination of the above-mentioned interest (e.g. the period of prescription for civil claims) or until the moment of your objection;

  • if the Joint Controllers process your personal data because it is necessary due to the applicable law, the periods of data processing for this purpose are defined by these provisions;

  • in the absence of specific legal or contractual requirements, the basic storage period for records and other documentary evidence drawn up during the performance of the contract for a maximum of 6 years.

COOKIES

What are cookies?

Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website (e.g. on the hard drive of the computer, laptop or on the smartphone's memory card - depending on which device the visitor uses our Website). That so-called cookie usually contains the name of the website it comes from, the "lifespan" of the cookie (that is, its lifetime), and the value that is usually accidentally generated unique number. Cookies contain information which can be considered as personal data which allow us to identify you as a data subject.

  • session cookies – temporary files, which are necessary for the proper functioning of the Website and are automatically installed on your end device by the moment of entering the Website. These cookies are stored in the temporary memory of browser while you use our Website and expire after closing the browser (when the session is over). Session cookies do not retain any information about you after closing the session;

  • analytical cookies – files, which help us to manage the Website. These cookies are used to track the activity of users on the Website in order to measure and determine the performance of the Website and to optimize its content. Analytical cookies retain information about you but only to the extent to allow you to use the website properly. You can choose whether to consent to these types of cookies;

  • marketing cookies – files which are used to determine user’s profile in order to target advertising to his preferences. By using these types of cookies, we can offer you maximally personalized and tailored service. Just like in the case of analyzing cookies, you may or may not consent to these types of cookies.

Do we use third-party cookies?

We may use the services of suppliers who may also store cookies when you visit the Website. These cookies allow them to provide you with the services tailored based on your preferences. When you visit the Website, you may receive cookies from third parties - their websites or domains (e.g. from Google).

You can familiarize yourself with complete list of our Trusted Partners and manage your cookies preferences in Appendix 1.

Google Analytics

Google Analytics cookies are files used by Google to analyze how you use our Website, to create statistics and reports on the operation of the Website. Google does not use the collected data to identify you as a user or combine this information to enable identification. Detailed information on the scope and rules of collecting data in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.

Google Ads

Google Ads is a tool that allows you to measure the effectiveness of advertising campaigns carried out by us, allowing for the analysis of such data as e.g. keywords or the number of unique users. The Google Ads platform also allows our ads to be displayed to people who have visited our Website in the past. Information on the processing of data by Google in the scope of the above service is available at: https://policies.google.com/technologies/ads?hl=en.

Social network plug-ins

On our Website, we use so-called social network plug-ins, which allow you to visit our profiles on selected social networks, such as LinkedIn, Twitter and YouTube. By clicking on those plug-ins, you will among others have an opportunity to share selected content on your profile on that social network. Using abovementioned plug-ins results in sharing your personal data with given social network, which receives information about your use of the Website that can be assigned to your profile created in each social network. In these scope, controller of your personal data is controller of a given social network (e.g. Twitter). Detailed information about processing your personal data by these controllers can be found under the links below:

  • Facebook: https://www.facebook.com/policy.php;

  • LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL;

  • Twitter: https://twitter.com/en/privacy;

  • YouTube: https://policies.google.com/privacy.

Can I control cookies or delete them?

In most browsers, the acceptance of cookies is set by default. By using our Website, you can choose the so-called cookies banner, whether to allow storage of cookies which are not necessary for the proper functioning of the Website on your end device. You can do it by choosing between “Accept” and “Manage cookies” buttons.

Clicking "Accept" button allows you to accept and install cookies in accordance with the settings of the browser used (in the case of default settings, all cookies are installed).

By choosing “Manage cookies” button, you will be transferred to the other website, where you can manage your cookies preferences by using cookie tool which allows you to consent or object to certain types of cookies. Moreover, on this side you can find specific information about the types of cookies we use (analytic and marketing ones) and our Trusted Partners.

When you don’t express an active and explicit consent to a given type of cookies, any analytic or marketing cookies won’t be installed on your end device.

Despite the above, you can always change the settings so that cookies are blocked or that you are alerted that they are sent to your devices. There are many ways to manage cookies. We ask you to refer to the instructions of your web browser or to display help to learn how to customize or change your browser settings. Here's how to do it on the most popular browsers:

  • Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies

  • Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

  • Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

  • Opera: http://help.opera.com/Windows/12.10/pl/cookies.html

  • Safari: https://support.apple.com/kb/PH5042?locale=en-GB

YOUR RIGHTS

As a data subject, with regards to your personal information, you have a number of rights under the GDPR provisions, which you can exercise by sending an e-mail to our Data Protection Officer: [email protected] It is important to let you know your rights in relation to the processing of your personal data:

Right to be informed

On this basis, we will provide you with information on data processing, including primarily the purposes and legal grounds for processing, the scope of data held, entities to which your data was disclosed, and the planned date of deletion of data.

Right of access the copy of data

On this basis, we will provide you a copy of your processed personal data.

Right to rectification

By receiving this kind of request, in some cases, we are obliged to remove any incompatibilities or errors of your personal data and supplement them if they are incomplete.

Right to be forgotten

On this basis, you can request the deletion of your personal data, processing of which is no longer necessary to achieve any of the purposes for which your data were collected.

Right to restrict processing

If such a request is made, we cease to carry out operations on your personal data – with the exception of operations to which you have consented, and to the storage of data in accordance with the adopted retention rules or until the reasons for limiting data processing cease to exist (e.g. a decision of the supervisory authority allowing further processing of data will be issued).

Right to data portability

On this basis - to the extent that data is processed in an automated manner in connection with the concluded contract or consent – we issue data provided by you, in a format that allows data to be read by a computer. It is also possible to request that the data be sent to another entity, however, if there are technical possibilities in this respect both on the part of the Joint Controllers and the indicated entity.

Right to object to the processing of data for marketing purposes

At any time, you can object to the processing of your personal data for marketing purposes, without the need to justify such an objection.

Right to object to other purposes of data processing

At any time, you may object - for reasons related to your special situation - to the processing of your personal data, which is based on the legitimate interest of the Joint Controllers (e.g. for analytical or statistical purposes or for reasons related with protection of the property); the opposition in this respect should include a justification

Right to withdraw consent

If your data are processed on the basis of given consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal.

Right to complain to the Data Protection Authority

If it is considered that the processing of your personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, you may file a complaint to the body supervising the processing of personal data, competent for yours habitual residence, your place of employment or place where the alleged violation took place. In Poland, the supervisory authority is the President of the Personal Data Protection Office, with its office at Stawki 2 Street, 00-193 Warsaw.

PERSONAL DATA SECURITY

To ensure data integrity and confidentiality, we have implemented procedures making access to personal data possible only to authorized persons and only to the extent necessary for them to perform their tasks. We applied organizational and technical solutions to ensure that all the operations on personal data are recorded and performed only by authorized persons.

We do our best to protect users from unauthorized access, unauthorized modification, disclosure and destruction of your personal information held by us. In particular we:

  • use SSL encryption;

  • Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

  • control our methods of collecting, storing and processing personal data, including physical security measures, to protect against unauthorized access to the system;

  • provide access to personal data only to employees, contractors and representatives who must have access to them in order to process them for us. In addition, they are contractually required to maintain strict confidentiality.

In addition, we take any necessary actions so that its subcontractors and other cooperating entities guaranteed the application of appropriate security measures in each case when they process personal data on the Controller’s behalf.

We perform risk analysis on an ongoing basis and monitors the adequacy of applied data protection mechanisms to the identified threats. If necessary, we will implement additional measures to increase data security.

CHANGES TO THE POLICY

The Policy is verified on an ongoing basis and updated when needed. The present version of the Policy has been adopted on 22.01.2020 and may be subject to change. Any changes to the Policy will be published on this Website.

APPENDIX 1.