1. PERSONAL DATA CONTROLLER
1.1. The Controller of personal data of Users and persons using the website is Conversion spółka z ograniczoną odpowiedzialnością, ul. Rzymowskiego 31, 02-697 Warszawa, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000462300, Tax Identification Number NIP: 5213649253, National Business Registry Number REGON: 14662401000000, share capital PLN 12.000 (“Conversion”).
2. DATA PROCESSING METHOD
2.1. Personal data of the Users will be processed for the following purposes:
|Purpose||Scope of data||Legal ground||Data processing period|
|providing access to the website||IP address||art. 6.1(b) of the GDPR – statutory authorisation to process data necessary to perform an agreement||until the expiry of the limitation period for claims related to access to the website|
|undertaking marketing activities, including sending a newsletter||e-mail address||art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in informing about its activities or art. 6.1(a) of the GDPR – consent of the data subject||until the data is no longer usable or the data subject objects to it or the consent to the processing of personal data is withdrawn|
|contact with Users, responding to e-mail from Users||e-mail address, first and last name, other data provided voluntarily in the Order form or e-mail||art. 6.1(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects||until the correspondence is completed or the data subject objects|
|analysing traffic on the website||IP address, cookie files||art. 6.1(a) of the GDPR – consent given by the User||until the data is no longer useful or the data subject withdraws the consent|
|conducting telephone calls||name, telephone number, other personal data voluntarily provided by the data subject||art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in handling inquiries and correspondence directed directly by data subjects||until the talks are completed or the data subject expresses an objection|
|protection against claims, directing claims||e-mail address, name, surname||art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in protection against claims and directing claims until the expiry of the limitation period for claims related to access to the website and user activities on the website, counted from the last stay of a given user on the website||until the expiry of the limitation period for claims related to access to the website and user activities within the website, counted from the last stay of a given user on the website|
|providing access and use of the contact form on the website||name, surname, e-mail, telephone number, other personal data voluntarily provided by the data subject||art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in handling inquiries and correspondence directed directly by data subjects||until the correspondence is completed or the data subject objects|
2.2. In the event that Conversion transfers the processed personal data to third countries (outside the EEA), it will immediately inform the data subjects of this fact. In addition, Conversion will ensure that the transfer of personal data is based on a decision issued by the Commission, standard contractual clauses or other measures arising directly from the GDPR.
2.3. In the case of transfer of personal data to third countries, before the transfer, Conversion verifies whether the data recipient applies measures ensuring the security and integrity of the data, as well as whether the country to which the personal data is sent provides adequate measures to protect the data subjects.
2.4. Users’ data will be processed in the form of profiling, including profiling based on the number of sessions, which will result in non-automated commercial and marketing activities. The User may object to profiling at firstname.lastname@example.org.
3. RECIPIENTS OF DATA
3.1. Conversion may entrust the processing of Users’ personal data to third parties for the purpose of performance of the activities stated in the Terms of Service and service of the User. The recipients of User’s data may involve in particular: Conversion hosting provider, e-mail operator, technical support company, e-mail service provider, law firm, accounting office, CRM system provider.
3.2. Users’ personal data collected by Conversion may also be disclosed to competent state bodies or institutions (law enforcement authorities, courts, security service) authorised to gain access to them on the basis of the respective generally applicable legal provisions, or other persons and entities – in the cases prescribed by the generally applicable legal provisions.
3.3. Each entity to which Conversion transfers Users’ personal data for processing on the basis of a personal data transfer agreement (“Data Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing Users’ personal data on the basis of the Data Transfer Agreement may process Users’ personal data through another entity only upon prior written consent of Conversion.
4. RIGHTS OF DATA SUBJECT
4.1. Each User has the right to: (a) delete the collected personal data referring to him/her both from the system belonging to Conversion as well as from bases of entities which have co-operated with Conversion, (b) restrict the processing of data, (c) portability of the personal data collected by Conversion and referring to the User, in this to receive them in a structured form, (d) request Conversion to enable him/her access to his/her personal data and to rectify them, (e) object to personal data processing, (f) withdraw the consent towards Conversion at any time without affecting the legality of the personal data processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about Conversion to the supervisory authority (President of the Personal Data Protection Office).
5. OTHER DATA
5.1. Conversion may store http enquiries, therefore the files containing web server logs may store certain data related to Users, including the IP address of the computer sending the enquiry, the name of User’s station – identification through http protocol, number of bytes sent by the server, the URL address of the site visited by the User before (if the User has entered the website through a link), information concerning User’s browser, information concerning errors occurred by realization of the http transaction. Web server logs may be collected as material for the purposes of proper administration of the website. Only persons authorised to administer the IT system have access to the data referred to above. Files containing web server logs may be analysed for the purpose of preparing statistics concerning traffic on the website and occurring errors. Summary of such details does not identify the User.
6.1. Conversion takes care of security of Users’ personal data. For this purpose Conversion has implemented appropriate safeguards and means of protection of personal data taking into account risks connected with the process of personal data processing. In particular, Conversion applies technological and organisational means in order to secure personal data against being disclosed to unauthorised persons, taken over by an unauthorised person, changed, lost, damaged or destroyed, as well as processed in violation of the GDPR by using, among other things, SSL certificates. The compilation of Users’ personal data collected by Conversion is stored on a secured server, moreover, personal data are also secured by internal procedures of Conversion related to the processing of personal data and information security policy.
6.2. Conversion has also implemented appropriate technical and organizational measures, such as pseudonymisation, designed to effectively implement data protection principles, such as data minimization, and to provide the processing with the necessary safeguards to meet the GDPR requirements and protect the rights of data subjects.
6.3. Irrespective of the foregoing, Conversion states that using the Internet and services provided by electronic means may pose a threat of malware breaking into User’s teleinformatic system and device, as well as a third party gaining access to User’s data, including personal data. In order to minimise such threats, the User may use appropriate technical security means (antivirus programs) or programs securing identification of the User in the Internet.
8. FINAL PROVISIONS