Privacy Policy

Effective Date: March 19, 2021

Privacy Policy

The Privacy Policy is for information purposes and serves satisfaction of information obligations imposed on the data controller under the GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The User who wants to use the website should become acquainted with the Privacy Policy. The Privacy Policy determines the rules for processing personal data and using cookie files and other tracking technologies used in connection with the website operation.

1. PERSONAL DATA CONTROLLER

1.1. The Controller of personal data of Users and persons using the website is Conversion spółka z ograniczoną odpowiedzialnością, ul. Klimczaka 1, 02-797 Warszawa, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000462300, Tax Identification Number NIP: 5213649253, National Business Registry Number REGON: 14662401000000, share capital PLN 12.000 (“Conversion”).

1.2. In the event of any doubts connected with the Privacy Policy, the User may contact the Personal Data Controller by sending a message to the e-mail address: hello@growcode.com.

2. DATA PROCESSING METHOD

2.1. Personal data of the Users will be processed for the following purposes:

Purpose Scope of data Legal ground Data processing period
providing access to the website IP address art. 6.1(b) of the GDPR – statutory authorisation to process data necessary to perform an agreement until the expiry of the limitation period for claims related to access to the website
undertaking marketing activities, including sending a newsletter e-mail address art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in informing about its activities or art. 6.1(a) of the GDPR – consent of the data subject until the data is no longer usable or the data subject objects to it or the consent to the processing of personal data is withdrawn
contact with Users, responding to e-mail from Users e-mail address, first and last name, other data provided voluntarily in the Order form or e-mail art. 6.1(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects until the correspondence is completed or the data subject objects
analysing traffic on the website IP address, cookie files art. 6.1(a) of the GDPR – consent given by the User until the data is no longer useful or the data subject withdraws the consent
conducting telephone calls name, telephone number, other personal data voluntarily provided by the data subject art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in handling inquiries and correspondence directed directly by data subjects until the talks are completed or the data subject expresses an objection
protection against claims, directing claims e-mail address, name, surname art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in protection against claims and directing claims until the expiry of the limitation period for claims related to access to the website and user activities on the website, counted from the last stay of a given user on the website until the expiry of the limitation period for claims related to access to the website and user activities within the website, counted from the last stay of a given user on the website
providing access and use of the contact form on the website name, surname, e-mail, telephone number, other personal data voluntarily provided by the data subject art. 6.1(f) of the GDPR – legitimate interest of the administrator consisting in handling inquiries and correspondence directed directly by data subjects until the correspondence is completed or the data subject objects

2.2. In the event that Conversion transfers the processed personal data to third countries (outside the EEA), it will immediately inform the data subjects of this fact. In addition, Conversion will ensure that the transfer of personal data is based on a decision issued by the Commission, standard contractual clauses or other measures arising directly from the GDPR.

2.3. In the case of transfer of personal data to third countries, before the transfer, Conversion verifies whether the data recipient applies measures ensuring the security and integrity of the data, as well as whether the country to which the personal data is sent provides adequate measures to protect the data subjects.

2.4. Users’ data will be processed in the form of profiling, including profiling based on the number of sessions, which will result in non-automated commercial and marketing activities. The User may object to profiling at kontakt@conversion.pl.

3. RECIPIENTS OF DATA

3.1. Conversion may entrust the processing of Users’ personal data to third parties for the purpose of performance of the activities stated in the Terms of Service and service of the User. The recipients of User’s data may involve in particular: Conversion hosting provider, e-mail operator, technical support company, e-mail service provider, law firm, accounting office, CRM system provider.

3.2. Users’ personal data collected by Conversion may also be disclosed to competent state bodies or institutions (law enforcement authorities, courts, security service) authorised to gain access to them on the basis of the respective generally applicable legal provisions, or other persons and entities – in the cases prescribed by the generally applicable legal provisions.

3.3. Each entity to which Conversion transfers Users’ personal data for processing on the basis of a personal data transfer agreement (“Data Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing Users’ personal data on the basis of the Data Transfer Agreement may process Users’ personal data through another entity only upon prior written consent of Conversion.

3.4. Disclosure of Users’ personal data to unauthorised entities under this Privacy Policy may take place only upon prior written consent of the User to whom such data refer.

4. RIGHTS OF DATA SUBJECT

4.1. Each User has the right to: (a) delete the collected personal data referring to him/her both from the system belonging to Conversion as well as from bases of entities which have co-operated with Conversion, (b) restrict the processing of data, (c) portability of the personal data collected by Conversion and referring to the User, in this to receive them in a structured form, (d) request Conversion to enable him/her access to his/her personal data and to rectify them, (e) object to personal data processing, (f) withdraw the consent towards Conversion at any time without affecting the legality of the personal data processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about Conversion to the supervisory authority (President of the Personal Data Protection Office).

5. OTHER DATA

5.1. Conversion may store http enquiries, therefore the files containing web server logs may store certain data related to Users, including the IP address of the computer sending the enquiry, the name of User’s station – identification through http protocol, number of bytes sent by the server, the URL address of the site visited by the User before (if the User has entered the website through a link), information concerning User’s browser, information concerning errors occurred by realization of the http transaction. Web server logs may be collected as material for the purposes of proper administration of the website. Only persons authorised to administer the IT system have access to the data referred to above. Files containing web server logs may be analysed for the purpose of preparing statistics concerning traffic on the website and occurring errors. Summary of such details does not identify the User.

6. SECURITY

6.1. Conversion takes care of security of Users’ personal data. For this purpose Conversion has implemented appropriate safeguards and means of protection of personal data taking into account risks connected with the process of personal data processing. In particular, Conversion applies technological and organisational means in order to secure personal data against being disclosed to unauthorised persons, taken over by an unauthorised person, changed, lost, damaged or destroyed, as well as processed in violation of the GDPR by using, among other things, SSL certificates. The compilation of Users’ personal data collected by Conversion is stored on a secured server, moreover, personal data are also secured by internal procedures of Conversion related to the processing of personal data and information security policy.

6.2. Conversion has also implemented appropriate technical and organizational measures, such as pseudonymisation, designed to effectively implement data protection principles, such as data minimization, and to provide the processing with the necessary safeguards to meet the GDPR requirements and protect the rights of data subjects.

6.3. Irrespective of the foregoing, Conversion states that using the Internet and services provided by electronic means may pose a threat of malware breaking into User’s teleinformatic system and device, as well as a third party gaining access to User’s data, including personal data. In order to minimise such threats, the User may use appropriate technical security means (antivirus programs) or programs securing identification of the User in the Internet.

7. COOKIES

7.1. For the purposes of correct operation of the website, Conversion uses cookie files (“Cookies”). Cookies are text information recorded on User’s device (computer tablet, smartphone) which may be read by the teleinformatic system of the Conversion or third parties.

7.2 Conversion uses two types of Cookies: (a) session cookies, which are permanently deleted upon closing the session of User’s browser; (b) permanent cookies, which remain on User’s device after closing the session until they are deleted.

7.3. It is not possible to determine the identity of the User or otherwise identify the User on the basis of Cookie files, whether session or permanent. Cookies prevents collection of any personal data.

7.4. Files generated directly by Conversion may not be read by other websites. Third-party cookies (i.e. cookies provided by entities co-operating with Conversion) may be read by an external server.

7.5. The User may individually change the Cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service on the website.

7.6. The User may individually disable storing Cookies on his/her device at any time in accordance with the instructions of the Internet browser producer, but this may disable certain parts of or the entire operation of the website.

7.7. The User may individually remove Cookies stored on his/her device at any time in accordance with the instructions of the Internet browser producer.

7.8. Conversion uses own Cookies for the following purposes: authentication of the User on the website and maintaining User’s session; configuration of the website and adjustment of its content to the preferences or conduct of the User; analysis and research of views, including click number and path taken by the User on the website to improve its appearance and organisation of content, time spent on the website, number of Users and frequency of visits on the website.

7.9. Conversion uses third-party Cookies for the following purposes: preparing anonymous statistics for the purposes of optimising functionality of the website, by means of an analytic tool – Google Analytics – referred to in clause 5.2 above.

7.10. Details concerning cookie support are available in the settings of the browser used by the User.

8. FINAL PROVISIONS

8.1. This Privacy Policy comes into effect on 19.03.2021.