The protection of personal data is treated by WEimpact sp. z o.o. as an important aspect in its business operations. As a company specializing in services related to programming and the development of Artificial Intelligence AI, we feel particularly responsible for the security of personal data processed by us as a result of our activities. ‘GDPR’). The goal of our company is also to inform you properly about matters related to the processing of personal data, especially regarding the content of the new provisions on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (‘GDPR’). This document informs about the new legal basis for the processing of personal data, the methods of collecting and using it, and the rights of data subjects related to it.
WHAT ARE PERSONAL DATA AND WHAT DOES IT PROCESSING MEAN IN PRACTICE?
Personal data means information about an identified or identifiable natural person. The processing of personal data is any activity carried out on personal data, regardless of whether it is carried out in an automated manner or not, e.g. collecting, storing, recording, organizing, modifying, viewing, using, sharing, limiting, deleting or destroying. WEimpact sp. z o.o. processes personal data for various purposes. Depending on the purpose of their processing, different methods of collection and legal grounds for the processing, use, disclosure and storage periods of these data may apply.
WEimpact sp. z o.o. with headquarters at 3/G Jana Janowicza Streen, Olsztyn 10-692, entered in the Register of Entrepreneurs kept by the DISTRICT COURT FOR THE CITY OF WARSAW, WARSAW, XII FACULTY OF ECONOMIC COUNTRY OF THE NATIONAL COURT REGISTER under the number KRS: 0000810536, NIP (Tax Identification Number): 7010951924, REGON: 384709270, share capital 59 250 zł.
The person responsible for the protection of personal data in the company is the Wacław Rosa the data protection officer (DPO) appointed for this purpose, contact to DPO at WEimpact sp. z o.o. e-mail: firstname.lastname@example.org.
HOW, ON THE BASIS OF WHICH LEGAL PROVISIONS AND WHAT KIND OF PERSONAL DATA ARE PROCESSED BY US?
Our goal is to be transparent about the methods and legal grounds for the processing of personal data by us and the purposes of their processing. WEimpact sp. z o.o. ensures that we always indicate the necessary information in this regard to everyone whose personal data we process as a data controller. We want our clarification of these issues to be legible and understandable, so we present the following list of personal data processing operations.
We would also like to point out that whenever we process personal data based on the legitimate interest of the data controller, we always try to analyze and balance our company’s interests and the potential negative or positive impact on the data subject. We also always have in mind the rights of individuals under the provisions on the protection of personal data. We do not process personal data on the basis of our legitimate interests, when we come to the conclusion that the negative impact on the person, the data subject outweigh over our interest. In this case, we may process personal data if we have the appropriate consent or it is required or permitted by law.
We process personal data of visitors to the WEimpact sp. z o.o. website who intend to contact us via the contact form.
Natural persons visiting our company’s website or using the services provided by us electronically have control over the personal data they provide to us. Our internet service limits the collection and use of information about users to the minimum necessary to provide our services at the appropriate level, in accordance with art. 18 of the Act of July 18, 2002 on the provision of electronic services.
- monitoring traffic on our websites;
- collecting anonymous, aggregate statistics that allow us to understand how users use our website and enable us to continuously improve our products;
- determining the number of anonymous users of our websites, which is needed to analyze the use of the website
Content from external suppliers may contain cookies from other entities, therefore it is recommended that the user become familiar with the rules of using cookies to operate websites by these external suppliers.
The user may manage cookies used by WEimpact sp. z o.o. or by any other external providers, changing the settings of your web browser.
WEimpact sp. z o.o. collects information about the use of the website by its users. WEimpact Sp. z o.o does not collect user IP addresses.
We collect more detailed information about users, such as e-mail addresses or other personal data, when it is actually necessary to provide a specific service in some cases, e.g. when performing services resulting from service contracts.
- Processing of personal data of WEimpact sp. z o.o. customers.
- Processing of personal data of persons contacting our company in order to obtain information about our offer or to share comments regarding the services rendered.
- Processing of personal data of persons contacting us in order to conclude a contract for the provision of services in the sale of the services we offer.
- Processing of personal data using telecommunications terminal equipment for direct marketing by WEimpact sp. z o.o. (in accordance with Article 172 of the Telecommunications Law).
- Processing of personal data for the purpose of sending commercial information by WEimpact sp. z o.o. by means of electronic communication in the field of personal data protection (in accordance with Article 10 of the Act on the provision of electronic services).
AUTOMATIC PROCESSING OF PERSONAL DATA
WEimpact sp. z o.o. profiles for marketing purposes, i.e. matching the marketing offer to the listed preferences.
LEGAL GROUNDS FOR PROCESSING
In the case of personal data processing in connection with the users’ use of the Website and our other services, we are dealing with different types of legal grounds for data processing, depending on the category of personal data that we process and the purpose of processing. For example:
- Processing of personal data of persons contacting in order to obtain information about the offer or share comments regarding our services as well as contacting us to conclude an agreement with WEimpact sp. z o.o.
- In addition to the data referred to in the previous section (Processing of personal data of visitors to the website operated by our company), from natural persons who contact us to obtain information about the offer or to share comments about services as well as are contacting in order to conclude a contract with us, we collect the following personal data: name and surname, position, company address, company KRS, NIP, REGON numbers, e-mail address and telephone / fax number. In particular, they can send us an email via the website. Such messages contain an e-mail address and additional information that the user wants to include in the message.
Please do not electronically provide information from specific categories of personal data (such as information about race or ethnic origin, political views, religious or philosophical beliefs, trade union membership, information about physical or mental health, genetic data, biometric data, information about sexual life or sexual orientation and criminal past). In case that such information is provided for any reason, we will delete this information.
We collect this data based on the consent expressed by the user directing the above request to us or for the purpose of performing the contract, i.e. fulfilling the request submitted by a given person. We may also process the provided data based on the justified purpose of the data administrator.
PROCESSING PERSONAL DATA OF WEimpact sp. z o.o. CLIENTS AND POTENTIAL CLIENTS
WEimpact sp. z o.o. processes the personal data of its clients and potential clients. This data may also include personal data of persons related to WEimpact sp. z o.o. clients who are not natural persons (e.g. contact persons). Personal data of this type is processed in IT systems used by WEimpact sp. z o.o.
Personal data processed in connection with these needs include among others: name and surname, employer’s name, contact person position, telephone number, e-mail address or other business contact details. In addition, in the case of customers who have concluded with WEimpact sp. z o.o. payable contracts, we also process payment data, including bank account numbers. Personal data of business contacts may be disclosed to our regular colleagues with whom we have relevant personal data entrustment agreements.
AUTOMATIC PROCESSING OF PERSONAL DATA
The information that we collect in connection with the use of our services is not processed in an automated manner (including in the form of profiling), and if automatic processing, however, would occur, it will not cause any legal effects on the person or similarly significantly affect it in situations.
LEGAL GROUNDS FOR PROCESSING
The processing of personal data of natural persons who are our clients is based on:
- the legitimate interest of WEimpact sp. z o.o. as a data administrator (e.g. in the scope of creating a database, direct marketing of own services, securing documentation for the purposes of defense against possible claims or for the purpose of pursuing claims);
- consents (including in particular consents to e-mail marketing or telemarketing);
- performing the concluded contract;
- obligations arising from law (e.g. tax law or accounting regulations).
The processing of personal data of natural persons who are potential customers is based on:
- the legitimate interest of WEimpact sp. z o.o. as a data administrator (e.g. in creating a database, direct marketing of own services);
- consents (including in particular consents to e-mail marketing or telemarketing).
HOW LONG DO WE PROCESS PERSONAL DATA?
The time in which we can process personal data depends on the legal basis which is the legal condition for the processing of personal data by WEimpact sp. z o.o. In the policies in force at WEimpact sp. z o.o., we specify that we must never process personal data for more than a period longer than required by applicable law. Therefore, we inform that:
- in the event that WEimpact sp. z o.o. processes personal data based on consent, the processing period lasts until the user withdraws this consent;
- in the event that WEimpact sp. z o.o. processes personal data on the basis of the legitimate interest of the data controller, the processing period lasts until this interest ceases, e.g. the limitation period for civil law claims or until an objection is lodged by the data subject, further processing – in situations where such an objection in accordance with applicable law and the actual state of affairs;
- in the event that WEimpact sp. z o.o. processes personal data because it is necessary due to applicable law, the periods of data processing for this purpose are specified in these provisions (this is, for example, an obligation under the law to store User’s Personal Data for a longer period or if the User’s Personal Data is needed to provide legal charges or taking defense against legal charges, the data will be kept until the cessation of the said charges or their validity;
- in the case of absence of specific legal or contractual requirements, the basic period of data storage in the case of records and other documentary evidence prepared during the performance of the contract with our company is a maximum of 10 years.
WHEN AND HOW DO WE SHARE PERSONAL DATA TO THIRD PARTIES AND DO WE TRANSFER DATA TO THIRD COUNTRIES?
Our company shares personal data to others only when permitted by law. In this case, in a specific contract with a third party we place security provisions and mechanisms aimed at protecting data and maintaining our standards in the field of data protection, confidentiality and security.
Such contracts are called contracts for entrusting the processing of personal data, and WEimpact sp. z o.o. retains control over how and to what extent a third party to whom WEimpact sp. z o.o. entrusted the processing of certain categories of personal data, processes this data. Therefore, we would like to inform you that the recipients of personal data which WEimpact sp. z o.o. processes as a personal data administrator may be:
- the above-mentioned entities processing personal data under contracts entrusting the processing of personal data (so-called processors);
- entities providing hosting services for WEimpact sp. z o.o.;
- other subcontractors of WEimpact Sp. z o.o, providing services in the field of software delivery, software or hardware maintenance services used by WEimpact as well as suppliers of goods which we use;
- debt collection companies (whereby we transfer personal data only to the extent that it is actually necessary to achieve a given purpose);
- auditors and statutory auditors, legal advisers, tax advisers, entities providing HR and accounting services for our company;
- supervising law enforcement authorities, regulatory authorities and other public administration authorities.
However, in the last two cases, we transfer data only if and to the extent that it is actually necessary and required under mandatory provisions of law and in a manner consistent with those provisions.
In the case of personal data subject to EU rules, it should be noted that: cross-border transfers may relate to countries not belonging to the European Economic Area and countries that do not have rules that specify special protection for personal data. We have taken steps to ensure adequate protection of all personal data and the lawfulness of transferring personal data outside the EEA. In the case of transferring personal data outside the EEA to a country which, according to the European Commission, does not provide an adequate level of personal data protection, the transfer takes place only on the basis of an agreement which takes into account the EU requirements for the transfer of personal data outside the EEA.
RIGHTS OF DATA ENTITIES AND THE MANNER OF THEIR IMPLEMENTATION
Natural persons have specific rights regarding their personal data and WEimpact sp. z o.o. as a data controller, he is responsible for the implementation of these rights in accordance with applicable law. In case of any questions and requests regarding the scope and implementation of the said rights, as well as to contact us to exercise a specific right in the field of personal data protection, please contact us via the form on our website or the email address in the contact tab.
We reserve the right to realise the following rights after positive verification of the identity of the person applying for performing a particular activity.
ACCESS TO PERSONAL DATA
Natural persons have the right to access data we store as a data controller. This right can be exercised by sending an email to the address in the contact tab on our website.
CHANGE OF PERSONAL DATA
Changes, including the ability to update your personal data which WEimpact sp. z o.o. processes, can be made by sending an email to the address on the contact tab on our website.
WITHDRAWAL OF CONSENT
In the case of processing personal data based on consent, natural persons have the right to withdraw this consent at any time. We inform you of this at any time when our company obtains consents and allow you to withdraw your consent in the same easy manner as it was given.
THE RIGHT TO LIMIT PROCESSING OR OBJECT TO THE PROCESSING OF PERSONAL DATA
Natural persons have the right to limit the processing or object to the processing of their personal data at any time, due to their special situation, unless the processing is required by law.
An natural person may object to the processing of his personal data when:
- the processing of her personal data is based on a legitimate interest or for statistical purposes, and the opposition is justified by the particular situation in which she finds herself,
- personal data is processed for the purposes of direct marketing, including being profiled for this purpose.
On the right to object can be used at any time.
On the other hand, given the demand to limit data processing, it applies when, for example, a person notices that their data is incorrect. Accordingly, she may request the restriction of the processing of her data for a period enabling us to check the correctness of this data.
OTHER RIGHTS: THE RIGHT TO REQUEST DELETION OF DATA AND THE RIGHT TO TRANSFER DATA
In the case of willingness to implement these rights, please send an email to the e-mail address on the contact tab on our website or to the Data Protection Officer appointed in WEimpact sp. z o.o.
The right to delete data can be used, e.g. when the data of a natural person are no longer necessary for the purposes for which they were collected by WEimpact sp. z o.o. or when a natural person withdraws his consent to data processing by WEimpact sp. z o.o. In the event that a natural person objects to the processing of his data or if his data will be processed unlawfully. The data should also be deleted to comply with the obligation arising from the law.
The right to data portability applies when the processing of a person’s data takes place on the basis of the consent of a natural person or a contract concluded with him and when the processing is carried out automatically.
ALL OTHER QUESTIONS, DOUBTS AND COMPLAINTS
All complaints received will be considered and we guarantee that we will answer them.
Persons whose personal data WEimpact Sp z o.o, they also have the right to lodge a complaint with the supervisory body, which is the President of the Personal Data Protection Office.
Personal Data Protection Office ul. Stawki 2
00-193 Warszawa, Poland
tel. 22 531 03 00
New laws will apply, new guidelines of the authorities responsible for overseeing personal data protection processes, best practices will be required used in the area of personal data protection, especially Codes of Good Practices, if WEimpact sp. z o.o. will be bound by such Codes, we will inform you about this fact.