(principles of processing of personal data)
The security and confidentiality of your data is a priority for us. We assure you that we have always made and will make every effort to ensure the protection of your data by applying appropriate technical and organizational safeguards, including the application of appropriate protection when designing new services and solutions.
These terms and conditions serve to inform clients and interested parties about the purpose, scope and categories of processing of their personal data, the duration of data processing and about their rights, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), effective since 25 May 2018.
The Controller of your Data is Yetiz Interactive Sp. z o.o., with its registered office in Gdańsk, 80-244 Gdańsk, 103 Grunwaldzka Street, registered in the Register of Entrepreneurs of the National Court Register under the number KRS 0000221792, maintained by the District Court Gdańsk-Północ in Gdańsk, 7th Economic Department, NIP: 8512892922, REGON: 812725217 and the Management Board with the following composition: Piotr Rocławski and Anna Owczarczak. As Data Controller, we are responsible for ensuring the security of your personal data and its use in accordance with applicable laws. Any additional information can be obtained at firstname.lastname@example.org or by post to the address given as the address of the company’s registered office. The Controller of your Data is Yetiz Interactive Sp. z o.o., with its registered office in Gdańsk,
In order to guarantee the security of your data, we have carried out an Impact Assessment of the processing of personal data, taking into account the risks associated with the processing of personal data and the risk analysis of the security measures we apply. At present, we apply high-class, proven preventive measures and mechanisms to monitor the processing methods, flows and access to information in our possession in order to ensure that data processing is carried out not only in accordance with the law but also in accordance with the best practices in the field of data security and IT systems. Your data stored in our database will not be transferred outside the European Economic Area (EEA).
CATEGORIES OF PERSONAL DATA COLLECTED
The categories of personal data processed by us are personal data that come directly from the persons concerned (or are provided to us on their behalf) or personal data that are collected from publicly available sources, in particular: name, surname, e-mail address, telephone number, correspondence address. Currently, in connection with our business activities we inform you that we process (or may process) your personal data in the following processes:
• Personal data of our clients and contact persons
Data processing is required in order to provide all our services at the highest possible level, based on and within the scope of contracts or orders concluded with our clients. The refusal to provide such data makes it impossible to conclude agreements or accept orders. We will process all information relating to specific individuals or clients for the duration of the contract and five years after its termination (Article 6(1)(b) GDPR).
• Data of persons interested in cooperation with us
Data processing is voluntary, but necessary to establish cooperation with new clients, at the request of persons interested in our offer, only for the duration of negotiations and business talks. All data in this respect are available only with your consent and in the scope specified by you (Article 6(1)(a) GDPR).
• Personal data of our subcontractors and persons indicated for cooperation.
Data processing is necessary for the provision of services in accordance with applicable laws and regulations and for the proper cooperation with subcontractors. The refusal to provide data makes it impossible to achieve these purposes. We will process all information relating to specific individuals or clients for the duration of the contract and ten years after its termination, but not less than what is required by law (where applicable), (Article 6(1)(b) GDPR).
• Data used for newsletters and marketing
Data processing is voluntary. You will only receive newsletter information from us if you have consented to receive it by subscribing to the newsletter. We will process your personal data for marketing and information purposes until you withdraw your consent, (Article 6(1)(a) GDPR).
• Information on counterparties
Data processing is necessary for the fulfilment of legal obligations such as the Accounting Act and it is these regulations that form the basis for our data processing for a period of six years (five full years, according to the current legal situation). Refusal to provide data makes it impossible to conclude a contract, (Article 6(1)(c) GDPR).
• Information about our employees and job applicants. The processing of data is necessary for the fulfilment of legal obligations, e.g. imposed by Labour Law, and it is these regulations that form the basis for the processing of data by us for the period of time required by law. Refusal to provide data makes it impossible to conclude a contract, (Article 6(1)(c) GDPR). The data concerning job applicants is available to us thanks to the consent given to us and we process it throughout the recruitment process. However, subject to your consent, we may retain them for a period of one year for the purpose of future recruitment (Article 6(1)(a) GDPR).
We process video surveillance data to protect individuals and property and consider it a legitimate purpose. All data collected in this way shall be kept for one month (Article 6(1)(f) GDPR).
• Contact via e-mail or form
Data processing is required to enable the provision of services in the event of answering questions to our clients and contractors via e-mail, text messages and telephone. Providing personal data is voluntary. (Article 6(1)(a) GDPR).
• the Controller informs that he may use profiling for marketing purposes, but the decisions made on its basis by the Controller do not concern the conclusion or refusal to conclude an agreement or the execution of an order.
• The effect of using profiling on the Website can be e.g. granting a discount or sending a purchase proposal, which may correspond to the preferences of a given person. In each case, it is up to the person concerned to decide whether he or she wishes to take advantage of the proposals received.
TRANSFERS OF PERSONAL DATA
Personal data may be transferred to the following categories of recipients:
• authorized employees and associates of the Controller and entities processing personal data on behalf of the Controller, including IT service providers, accounting, legal and consulting companies – solely on the basis of a relevant agreement;
• couriers, carriers, shipping companies and participants in the shipping process – to the extent necessary to carry out the order for the Client;
• entities providing technical or organisational support as well as entities authorised on the basis of legal regulations.
In each of these cases, we endeavour to keep our data up to date and accurate; with your privacy in mind, all information constituting personal data is minimized to a degree that allows us to process it properly.
RIGHTS OF PERSONS WITH REGARD TO PERSONAL DATA
At any stage of the processing of data by us, you have the right to:
• access to your data, including obtaining information about the scope of data processed by us and obtaining a copy of your data;
• modify and correct your data, including if there are no other legal contraindications to limit the scope of their processing;
• completely delete your data (“the right to be forgotten”), if there are no other legal contraindications;
• opt out from automated decisions based on profiling;
• object to unlawful processing of personal data (including the withdrawal of consent at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal);
• transfer of data to another Data Controller, if the data are processed in connection with the consent granted or the agreement concluded;
• file a complaint. A complaint concerning the processing of personal data may be lodged with the supervisory authority dealing with the protection of personal data. In the Republic of Poland, the supervisory authority is the President of the Office for the Protection of Personal Data.
In order to ensure proper service of your enquiries and to maintain due diligence during their service, you may apply for the exercise of your rights by sending correspondence on this matter to email@example.com. Each application submitted by you is considered individually and in accordance with the applicable law. We remind you that the possibility of using a specific right may depend on the legal basis assumed for the specific processing of your data and, for example, whether the processing of your data is dependent on the performance of a contract or a service. Your requests will be processed without undue delay, within a maximum of one month of receipt, however, it is possible that due to the nature of the request we will not be able to meet this deadline, in which case you will be notified of the delay and its causes. Similarly, if such circumstances should occur, we will inform you of the reasons for refusal to accept and process the request. Please be advised that the first request is processed free of charge, however, if your request is unreasonable or excessive, we reserve the right to charge a fee for the retransmission of information. You will be informed immediately of the amount of the fee or any other reason for which we are unable to process your request. In addition, in order to guarantee the security of the information provided, if we are unable to identify you correctly as a person authorized to receive data, we reserve the right to change the way in which we provide information, of which you will be informed. In the event of exercising the right to transfer data, the Data Controller shall directly transfer such data to another Data Controller, provided that it is technically feasible. The person applying for the exercise of this right will be informed of the decision on the possibility of transfer.
This Policy shall be effective as of 25 May 2018 until further notice and fulfils the legal obligation under Articles 13 to 14 GDPR. We reserve the right to change the current rules, always in order to improve the quality of our services and respecting your rights and privacy.
Yetiz Interactive Sp. z o.o.