- We respect the right to privacy and we care about data security. For this purpose, among others, we use secure socket layer (SSL) at the stage of Registration, login and use of the Application.
- Payments are processed outside of the Application. Personal data and/or card details needed to make the Payment are recorded in an IT system dedicated by the External Payment Channel. For billing purposes, the invoice data are saved in the Application.
- Personal data provided in the Application are treated as confidential and are not visible to other Users except for the Account Holder and the Account Administrator or authorized persons on the Service Provider’s side.
Service Provider as a Data Controller
- The Service Provider is the controller of data of its customers. This means that if you have an Account in the Application, we process your data such as: forename, surname, e-mail address, telephone number, position, place of work, IP address. However, we are not the data controller for your Leads.
- The Service Provider is also the data controller for subscribers to the newsletter and subscribers to webinars.
- Personal data are processed:
a. in accordance with the legal rules for the protection of personal data,
c. to the extent and for the purpose necessary to establish and define the wording of the Contract, amend or terminate the Contract, or to properly provide Services electronically,
d. to the extent and for the purpose necessary to fulfill legitimate interests (legitimate purposes), while the processing does not violate the rights and liberties of the data subject,
e. to the extent and for the purpose consistent with your expressed consent, if you have subscribed to the newsletter,
f. to the extent and for the purpose consistent with your expressed consent, if you have subscribed to a webinar.
- Each data subject (where we are the data controller) has the right to access, rectify, delete or limit processing of the data, the right to object, the right to file a complaint to the supervisory body.
- You can contact the person supervising the processing of personal data in the organization of the Service Provider electronically at the following e-mail address: firstname.lastname@example.org.
- If you have access to the Application, you can log in to your Account and you can easily change your data, update, delete and transfer your data by exporting data saved in the Application to .csv format.
- We reserve the right to process your data after termination of the Contract or withdrawal of consent only to the extent necessary to seek possible claims before courts, or if the national or EU or international law requires us to retain data.
- The Service Provider has the right to share personal data of the User and their other data with entities authorized under the applicable law (e.g. to law enforcement agencies).
- Personal data may be deleted as a result of:
a. termination of the Contract;
b. withdrawal of the consent, or submission of a legally permitted objection to the processing of personal data.
- The Service Provider does not share personal data with entities other than those authorized under the applicable law.
- We have put in place pseudonymization, data encryption and we have introduced access control, whereby we minimize the effects of possible data security breaches.
- We regularly test the security of the Application and we have put in place a backup procedure.
- Personal data are processed only by those authorized to do so, or by processors with whom we work closely.
Service Provider as a Processor.
Agreement for entrustment of personal data processing
- In the event of conducting a marketing campaign and collecting personal data (Leads) using the Landing Page, the User is required to obtain appropriate consent for personal data processing and fulfill the information obligations under the law, including to enter into an agreement for entrustment with the Service Provider. With respect to such personal data, the Account Holder is the data controller, is responsible for processing data and authorizes other Users within their Account to process data. The Service Provider is the data processor acting on behalf of and for the benefit of the Account Holder solely with respect to such personal data as part of the delivery of the ICT system.
- The User entrusts the Service Provider with the processing of personal data for the correct operation of the Application and technical support, and in this respect, it is possible for the Service Provider to access data or create backups.
- The entrustment is granted for the duration of the Contract, in accordance with the Terms and Conditions. After expiry of the entrustment, the Service Provider deletes the entrusted personal data within 3 months.
- The categories of data covered by entrustment include data of potential customers as entered into the Application by the User.
- The Service Provider may sub-entrust personal data as part of the delivery of ICT system or server data storage services. Sub-entrustment is granted to entities integrated by the User (the choice is made by the User directly in the Application) and to the Service Provider’s collaborators providing IT support, including entities such as: Amazon Web Services, Inc.
- The Service Provider declares that it provides sufficient guarantees for the implementation of appropriate technical and organisational measures for the processing to meet the requirements of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”), and to protect the rights of data subjects.
- The Service Provider agrees to:
a. process personal data only to a documented User’s order (in accordance with the activities in the Application), including transferring personal data to a third country or an international organisation, unless such obligation is imposed by Union law or the law of the Member State to which the processor is subject; in this case, before the processing begins, the processor will inform the Administrator about this legal obligation, unless this law prohibits the provision of such information due to important public interest,
b. ensure that persons authorized to process personal data commit themselves to maintain secrecy,
c. take all measures required under Article 32 GDPR,
d. observe the conditions for using the services of another processor, as referred to in Article 28 (2) and (4) GDPR,
e. taking into account the nature of the processing, as far as possible, to help the User with appropriate technical and organisational measures to meet the obligation to respond to the requests of a data subject for the exercise of their rights set out in Chapter III GDPR; at the Application level, the User has the right to verify the extent of collected data, including recording dates, etc.,
f. taking into account the nature of the processing and the information available to it, to help the User to meet the obligations set out in Article 32-36 GDPR; functionalities available in this respect are contained in the Application,
g. after completing the provision of processing-related services, to delete all personal data and remove all existing copies thereof which relate to the categories of persons as defined above. The Service Provider has the right to keep the types of operations performed, in which case personal data are subject to anonymization,
h. provide the User with all information necessary to demonstrate compliance with the obligations set out in Article 28 GDPR and enable the User to carry out audits, including inspections by asking questions,
i. promptly inform the User if, in its opinion, the instruction given to it constitutes an infringement of the GDPR or other laws of the Union or a Member State concerning data protection, given the registered office of the Service Provider,
j. for the duration of the Contract, as part of its organisation, to process personal data entrusted to it in accordance with the law on personal data protection (GDPR and laws of a Member State given its registered office), including, without limitation, to process the same by appropriate technical and organisational means ensuring protection of personal data processing adequate to the threats and categories of data covered by the protection, and against making them available to unauthorised persons, to keep records of persons authorised to process entrusted personal data and to oblige them to maintain secrecy thereof.
- The entrustment is not covered by additional remuneration.
- The User receives Notifications of important information on the functioning of the Application.
- A person subscribed to the newsletter can unsubscribe by clicking the “cancel subscription” button at the bottom of every newsletter message.
- The newsletter is sent by e-mail.