§1. General information
- A User, for the needs of this policy is defined as a person contacting and/or ordering services provided by the Administrator.
- itCraft sp. z o.o., NIP: 5222966148, REGON: 142693160, based in Warsaw 02-222, Aleje Jerozolimskie 181B, e-mail: firstname.lastname@example.org is an Administrator of Personal Data according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (General Data Protection Regulation)L 119/40 PL Dziennik Urzędowy Unii Europejskiej 4.5.2016.
- Contact regarding the processing of personal data by the Administrator: email@example.com
§2. The purpose of collecting and processing of personal data by the Administrator
- The user entrusts the Administrator with the processing of personal data in order to use the WWW services and for the processing of User`s queries and orders made using Administrator`s contact form, including sending of personalised business information to the User.
- The user providing a contact phone number agrees to be contacted by Administrator by phone in order to enable the Administrator to provide services outlined in point 1 above.
- The User providing an email address agrees to be contacted by Administrator by email in order to enable the Administrator to provide services outlined in point 1 above.
- User’s consent by providing the information is voluntary, whereas lack of such consent may cause the Administrator to not be able to process queries/orders placed using the contact form.
- In an event of establishing cooperation between User and Administrator access to personal data may need to be granted to sub-contractors and affiliated partners of the Administrator. This will be clearly communicated to the User and access granted only with User’s permission.
§3. The scope of data processing by Administrator
- Name and surname
- Email address
- Telephone number
- The processing of above data includes creating backup copies of data.
- The website runs an automated system allowing monitoring of user’s behavior and adjusting of presented content to user’s interests. The system is integrated in the service and each user can opt out or voice their reservations at any time.
- The User can change the settings of cookies files by setting conditions of access and keeping of cookies files data in browser settings. The settings may be adjusted in such way as to block automatic processing of cookies by the browser or/and notifying the user each time cookies are placed on User’s device. Detailed information on use and processing of cookies is available in program (browser) settings.
- The User can delete cookies using browser functions at any time.
- The Administrator will notify of the gathering of personal data of Users for registration in scope and under conditions stated in GDPR and all other regulations.
§4. The rights of Users whose data is processed.
- The Users have the right to:
- Access their personal data
- Change their personal data
- Remove their personal data
- Restrict the rights to process personal data
- Move personal data
- File complaints regarding personal data processing
- In order to exercise above rights the User should contact the Administrator at firstname.lastname@example.org
- The Administrator will address User’s reservations/complaints without delay noting that removal, restriction, moving or complaints regarding data processing may impact the ability to provide relevant business information regarding User’s query/order.
§5. Timeframes for keeping and processing of personal data by Administrator
The Administrator keeps User’s provided personal data no longer than it is required to accurately service the User’s query/order, including preparation of personalised business offer and fulfillment of Administrators obligations. After that period data is stored only to secure fulfillment of User’s obligations to Administrator. User’s can at any time request removal of personal data.
§6. Administrator`s obligations
The Administrator of personal data is obliged to process personal data in a safe and secure manner as per Regulation, especially with regard to:
- Securing the data from unauthorised access, obtaining, changing or destruction.
- Allow only Administrator authorised access to processed data
- Ensuring appropriate control of processed data
- Keeping record of persons authorised to access and process personal data with particular care that persons authorised keep the data confidential during and after Administrator`s use of them. This will be done by signing appropriate NDA and training in keeping data confidentiality
- Keeping records of the methods and technologies used to ensure data confidentiality.
- Ensuring that all electronic systems and devices used to store and process personal data comply with Internal Affairs and Administration Regulation dated 29th of April 2004 regarding personal data documentation as well as technical and organisational conditions for systems and devices processing such data.