A User, for the needs of this policy is defined as a person contacting and/or ordering services provided by the Administrator.
itCraft s.c., NIP: 5222966148, REGON: 142693160, based in Warsaw 01-460, Górczewska 228 lok. 22, e-mail: firstname.lastname@example.org is an Administrator of Personal Data according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (General Data Protection Regulation)L 119/40 PL Dziennik Urzędowy Unii Europejskiej 4.5.2016.
Contact regarding the processing of personal data by the Administrator: email@example.com
§2. The purpose of collecting and processing of personal data by the Administrator
The user entrusts the Administrator with the processing of personal data in order to use the WWW services and for the processing of User`s queries and orders made using Administrator`s contact form, including sending of personalised business information to the User.
The user providing a contact phone number agrees to be contacted by Administrator by phone in order to enable the Administrator to provide services outlined in point 1 above.
The User providing an email address agrees to be contacted by Administrator by email in order to enable the Administrator to provide services outlined in point 1 above.
User's consent by providing the information is voluntary whereas lack of such consent may cause the Administrator to not be able to process queries/ orders placed using the contact form.
In an event of establishing cooperation between User and Administrator access to personal data may need to be granted to sub-contractors and affiliated partners of the Administrator. This will be clearly communicated to the User and access granted only with User's permission.
§3. The scope of data processing by Administrator
Name and surname
The processing of above data includes creating of backup copies of data.
The website runs an automated system allowing monitoring of user's behavior and adjusting of presented content to user's interests. The system is integrated in the service and each user can opt out or voice their reservations at any time.
The User can change the settings of cookies files by setting conditions of access and keeping of cookies files data in browser settings. The settings may be adjusted in such way as to block automatic processing of cookies by the browser or/and notifying the user each time cookies are placed on User's device. Detailed information on use and processing of cookies is available in program (browser) settings.
The User can delete cookies using browser functions at any time.
The will notify of the gathering of personal data of Users for registration in scope and under conditions stated in GDPR and all other regulations.
§4. The rights of Users whose data is processed.
The Users have the right to:
Access their personal data
Change their personal data
Remove their personal data
Restrict the rights to process personal data
Move personal data
File complaints regarding personal data processing
In order to exercise above rights the User should contact the Administrator at firstname.lastname@example.org
The Administrator will address User's reservations/ complaints without delay noting that removal,restriction,moving or complaints regarding data processing may impact the ability to provide relevant business information regarding User's query/order.
§5. Timeframes for keeping and processing of personal data by Administrator
The Administrator keeps User's provided personal data no longer then it is required to accurately service the User's query/order, including preparation of personalised business offer and fulfillment of Administrators obligations. After that period data is stored only to secure fulfillment of User's obligations to Administrator. User's can at any time request removal of personal data.
§6. Administrator`s obligations
The Administrator of personal data is obliged to process personal data in a safe and secure manner as per Regulation, especially with regard to:
Securing the data from unauthorised access, obtaining, changing or destruction.
Allow only Administrator authorised access to processed data
Ensuring appropriate control of processed data
Keeping record of persons authorised to access and process personal data with particular care that persons authorised keep the data confidential during and after Administrator`s use of them. This will be done by signing appropriate NDA and training in keeping data confidentiality
Keeping records of the methods and technologies used to ensure data confidentiality.
Ensuring that all electronic systems and devices used to store and process personal data comply with Internal Affairs and Administration Regulation dated 29th of April 2004 regarding personal data documentation as well as technical and organisational conditions for systems and devices processing such data.