Administrator – IBCS Poland Sp. z o.o. with headquarters at 46 Piłsudskiego St.; 33-300 in Nowy Sącz, registered at the District Court for Kraków Śródmieście, 12th Economic Department. under the KRS number: 0000030677, email firstname.lastname@example.org
GDPR (General Data Protection Regulation) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC.
Website – websites run by the Administrator at the following addresses:
User – any person visiting the Website or using one or more services or functionalities described in the Policy.
2. Data processing
In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide individual services. Detailed rules and purposes of processing personal data collected during the use of the Website by the User are described below.
3. Purposes and legal grounds for data processing
Personal data of all Users using the Website (including IP address or other identifiers and information collected via cookies) are processed by the Administrator:
- in order to provide electronic services in the scope of making the content collected on the Website available to Users, – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
- for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in conducting analyzes of Users’ activity, as well as their preferences in order to improve the functionalities used and the services provided;
- in order to possibly establish and pursue claims or defend against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the protection of his rights.
User’s activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the Administrator’s legitimate interest (Article 6 (1) (f) GDPR).
4. Contact form
As part of the Website, the Administrator enables contact with him using electronic contact forms. Using the form requires providing personal data necessary to contact the User. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to handle.
Personal data is processed:
- in order to identify the sender, handle his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the service contract (Article 6 (1) (b) of the GDPR);
- for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in keeping statistics of inquiries submitted by Users via the Website in order to improve its functionality.
The Administrator processes Users’ personal data in order to carry out marketing activities, which may include:
- displaying marketing content to the User corresponding to his interests (behavioral advertising);
- displaying marketing content to the User that is not tailored to his preferences (contextual advertising).
In order to carry out marketing activities, the Administrator uses profiling in some cases. This means that thanks to automatic data processing, the Administrator evaluates selected factors relating to natural persons in order to analyze their behavior or create a forecast for the future.
The Administrator processes Users’ personal data for marketing purposes in connection with directing contextual advertising to Users (i.e. advertising that does not match the User’s preferences). The processing of personal data takes place then in connection with the implementation of the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).
The Administrator and its partners process Users’ personal data, including personal data collected via cookies (described below), for marketing purposes in connection with targeting behavioral advertising to Users (i.e. advertising that is tailored to the User’s preferences). The processing of personal data then also includes profiling of Users. The use of personal data collected through this technology for marketing purposes, in particular in the field of promoting services and goods of third parties, requires the consent of the User. This consent may be withdrawn at any time.
The Administrator’s website uses “cookies”. Failure to change the browser settings on the User’s side is tantamount to consenting to their use. Cookies are short text information saved on a computer, phone, tablet or other user’s device. They can be read by the Administrator, as well as by systems belonging to other entities whose services are used (such as Google). Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number. More information on cookies can be found at www.allaboutcookies.org
Cookies are used for the following purposes: maintaining the security of services and preventing fraud, facilitating website performance, registering visits for marketing and statistical purposes, using social functions, supporting the personalization of websites (e.g. saving language settings). Cookies may also be used and posted by partners cooperating with the Administrator – then they are subject to cookie policies or privacy policies of the entities that publish them.
The administrator reserves the right to use Google Tag Manager for marketing purposes. This is related to the use of Google cookies, e.g. Google Analytics codes.
If you use Google Chrome, the instructions can be found here – https://support.google.com/chrome/answer/95647?hl=en
If Mozilla Firefox is used, the instructions can be found here – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
If you use Safari, the instructions can be found here – https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
For instructions on using Microsoft Edge, see here – https://docs.microsoft.com/en-us/microsoft-edge/devtools-guide/debugger/cookies
In the case of using Internet Explorer, the Administrator suggests changing the tool to one of the above, and the instructions can be found here – https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
7. User data processing
Within the European Economic Area (EEA):
As part of the Website, the User’s data is processed by entities cooperating with the Administrator, which, in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement such data and the repeal of Directive 95/46 / EC are required to comply with high standards of privacy analogous to those contained in the Policy.
In the case of the HotJar tool (headquarters address: Level 2, St Julian’s Business Center, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) – The collected data, as a rule, makes it impossible to identify a specific person, and more information about the privacy standards of the tool is available under the link GDPR Commitment and Do Not Track
In the case of the YouLead sp.z o.o. (address: ul. Wrzesińska 12/39; 03-713 Warsaw) – The tool is used to automate sales processes, and more information about the privacy standards of the tool is available at https://www.youlead.pl/pl/twoje-dane-1/
Outside the European Economic Area (EEA):
Due to the fact that some entities cooperating with the Administrator are based outside the European Union, and therefore in the light of the provisions of the GDPR, they are treated as the so-called third countries. The administrator ensures that, in accordance with the implementing decision of the European Commission of 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us -privacy-shield_pl) in such cases, data is transferred to entities from the United States that have joined the Privacy Shield program (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
For Google Inc. (headquarters address: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) – The collected data makes it impossible to identify a specific person, and more information about the privacy standards of the tool is available at https://policies.google.com/technologies/partner-sites?hl=en In addition, using the following link: https://tools.google.com/dlpage/gaoptout?hl=en it is possible to disable the activity measured by Google Analytics.
For Facebook Inc. (headquarters address: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) – https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. As a rule, the collected data makes it impossible to identify a specific person, and more information about the privacy standards of the tool is available at https://www.facebook.com/about/privacyshield.
The data may be made available to business partners https://www.ibcs.pl/en/about-us/business-partners/ in order to obtain a special offer.
Thus, the above companies guarantee compliance with standards analogous to the Regulation in the field of personal data protection, and the Administrator’s use of their technology when processing personal data is legal.
8. The period of personal data processing
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the provision of the service or the performance of the order, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Administrator’s legitimate interest.
Data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
9. User rights
The User has the right to:
- access to the content of data and demand its rectification,
- delete data,
- restrict processing,
- transfer data,
- object to data processing,
- lodge a complaint with the supervisory body – the President of the Personal Data Protection Office, Stawki 2, 00-193 Warsaw.
To the extent that the User’s data is processed on the basis of consent, it can be withdrawn at any time by contacting the Administrator.
The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Administrator, and – for reasons related to the specific situation of the User – in other cases where the legal basis for data processing is the Administrator’s legitimate interest (e.g. in connection with the implementation of analytical and statistical purposes).
10. Data recipients
In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, marketing agencies (in the field of marketing services) and entities related to the Administrator.
If the User’s consent is obtained, his data may also be made available to other entities for their own purposes, including marketing purposes.
The Administrator reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
Contact with the Administrator is possible at the e-mail address email@example.com or in writing to the address of the Administrator’s seat.
The policy is verified on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and is effective from July 1st , 2020.