Privacy Policy

Data Responder Spółka z ograniczoną odpowiedzialnością (Limited Liability Company) with headquarters in Gdynia on al. Zwycięstwa 96/98, 81 - 451 Gdynia, registered in the KRS entrepreneurs’ register run by the Regional Court Gdańsk-Północ in Gdańsk, KRS’ 8th Economic Division, KRS number 0001093813, REGON: 528115740, NIP: PL5862403750 (further referred to as ‘Data Responder’) is the administrator of the processed personal data.

Having regard to the presumptions forming the basis for the introduction of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, this privacy policy intends to respect privacy and ensure the security of all data and information, including personal data, entrusted by persons who use, or who are interested in using the services of Data Responder, whilst at the same time allowing for efficient and effective provision of services by Data Responder, including the recognition of needs and behaviours of service users, and adapting the services offered by Data Responder to them.

The protection of personal data of natural persons is encompassed with particular care, and the notion of ‘personal data’ includes all information about the identified, or a natural person possible to identify, like for example: name and last name, pseudonym, identification number, address, telephone/fax number, email address, geolocation data, internet identifier, bank account number, the preference of the offered services, object of interest, regardless of the form such data has (tangible, intangible), including in particular personal data processed wholly, or partly in an automated manner.

In this document, among other things, one can find information about: (I and II) rules and methods, (III) the basis for procuring and processing data and information originating from users of this internet service, and also (IV and VI) information about the possibility and the procedure of exercising the rights conferred by law (in particular the GDPR) by the interested natural person, due to the processing of personal data by the administrator of the processed personal data.

I. The rules of personal data protection

1. Data Responder makes every effort to process any conveyed personal data according to the goal for which it was acquired, and use it only within the scope of the basis for which it was conferred, including the scope of the given permissions for processing, and the area of processing permitted by law.

2. All personal data is processed in a manner compliant with the requirements of the general, binding law, in particular in compliance with the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (further referred to as ‘GDPR’), the Personal Data Protection Act from 10 May 2018, the Electronic Performance of Services Act from 18 July 2002, and the Telecommunication Law Act from 16 July 2004.

3. We take care to process personal data in accordance with the rules regarding the merits-related correctness, and in adequacy with the goals for which such data was procured.

4. We process the entrusted data for a period necessary for achieving goals, for which this data was procured, and additionally we reserve the possibility of further processing this data for a time equal to the period of prescription for claims related to the services offered by us, or the period during which we are obliged to do so on the basis of general, binding provisions of law, e.g. tax provisions.

5. We ensure confidentiality, integrity, and accountability over the personal data processed by us.

6. Processed personal data is not shared further without the consent of the person from whom this data originates, or through whom it was acquired, unless the sharing is to entities authorised to process personal data on the basis of an agreement of assignation with Data Responder or other similar agreement, including entities cooperating with Data Responder (among others entities ensuring hosting, entities responsible for its security, providers of tools for movement analysis on internet websites, entities responsible for communication with customers, entities responsible for marketing and posting newsletters, other sub-contractors, law firms, staff-accountancy offices, internal IT service, couriers), or to entities authorised on the basis of binding provisions of law, e.g. state administration bodies, investigative authorities, administration of justice authorities.

7. Processed personal data is not transferred to states outside of the European Union and the European Economic Area.

8. Data Responder may process all types of data, including personal data, depending solely on the activity of a given user of Data Responder internet service.

9. Having regard to the state of technical knowledge, the cost of implementation and the nature, scope, and goals of processing as well as the risk of infringing the rights or liberties of natural persons, of varying probability of occurring and salience of hazard, Data Responder provides the technical and organisational means required by provisions of law, which ensure the protection of processed personal data, and the security of personal data from being shared with unauthorised persons, or its incidental loss, destruction, or damage, by among other things including:

   • allowing only authorised persons to work with the data;
   • forcing the protection of users’ access through the use of passwords;
   • using cryptographic protection means;
   • creating backup copies of the data no less than once every twenty-four hours, via an independent infrastructure.

II. Methods of acquiring data

1. Data, including personal data, is acquired by Data Responder through its conferral by a given user through Data Responder internet service, which is an automated data gathering, storage, and utilisation system available via a browser.

2. Moreover, Data Responder internet service uses ‘cookies’ files which constitute IT data, in particular test files, which are set as the default option which the user may independently renounce in the settings of the internet browser, at a cost of forfeiting full service functionality. These files are stored on the users’ end devices, and two types of ‘cookies’ files are used: (1) session – temporary files which are stored on the user’s end device until s/he leaves the service or until the internet browser is switched off, and (2) permanent – stored on the user’s end device for a time specified in the parameters of the ‘cookies’ files, or until a time when they are removed by the user.

3. Data Responder uses ‘cookies’ files for:

   • service configuration;
   • user verification in the service, and ensuring user’s session in the service;
   • implementation of processes essential for the full functionality of the internet website;
   • analysis and study of viewership;
   • ensuring security and reliability of the service.

4. No information constituting personal data of users or customers is stored within ‘cookies’ files.

5. ‘Cookies’ files featured on the user’s end device may also be used by other entities which have access to them, in particular for example Google Analytics.

III. The purpose for which the acquired data is used

1. Data shared by users, including personal data, is used for the conclusion and performance of contract, on the basis of which Data Responder performs services offered, which rely on the sharing of a service for gathering and managing data to interested users, and alternatively to transfer to users information about the business run by Data Responder, or other justified interest of the administrator, that is on the basis of Art 6(1)(b) and (f) of GDPR, and in the case of obtaining the appropriate consent, data may also be used for marketing purposes on the basis of Art 6(1)(a) GDPR.

2. Data may also be processed for statistical purposes.

IV. User’s rights

1. The transfer of data to Data Responder, including personal data, is the majority wholly voluntary and dependent only on the will and activity of particular service users, over which Data Responder has no influence.

2. Occasionally, the disclosure of personal data may be exceptionally necessary for the use of services offered by Data Responder, e.g. in the case of a natural person wanting to use the service.

3. In accordance with the binding provisions and in the foreseen by them scope, Data Responder respects the rights owed to natural persons:

   • obtainment of information about the processing of her/his personal data and access to it;
   • demanding personal data rectification, supplementation, or amendment;
   • the removal of personal data (‘the right to be forgotten’);
   • the limitation of the processing of personal data;
   • the transfer of personal data;
   • the withdrawal of earlier given consent for the processing of personal data;
   • the objection to the processing of personal data for administrator’s purposes, including direct marketing of her/his services and profiling, as well as the right to not being subject to a decision which is solely based on automated processing;
   • the right to lodge a complaint to a supervisory body if s/he considers her/his rights were infringed.

4. If the processing of personal data is occurring on the basis of consent granted by the person whose data is in question, such person has the right to withdraw consent at any moment, subject to the reservation that it will not affect the legal compliance of processing which occurred on the basis of consent granted prior to its removal, and the withdrawal will be effective at the moment at which the administrator finds out about it, nonetheless the administrator will cease to process personal data only when the processing will not be possible on another legal ground.

5. The natural person whose data is processed may exercise her/his rights stipulated above by sending an email message to Data Responder at privacy@dataresponder.com, in which her/his demand shall be presented and described in a manner allowing for its execution.

V. Changes to privacy policy

Changes to Data Responder’s privacy policy may be influenced by changes in the area of binding provisions of law, including in the area of personal data protection, as well as other factors like the published practice of state administration bodies, or the pursuance of the best quality of offered services, including in the area of personal data protection. The users of Data Responder internet service will be informed about the changes to privacy policy through an appropriate message on the Data Responder’s website, as well as alternatively through email via the indicated email addresses.

VI. Contact regarding the protection of personal data

We ask to send any questions and other matters related to the processing and protection of personal data by Data Responder, including messages regarding the will to exercise one’s rights as mentioned in paragraph IV above, to: privacy@dataresponder.com.