PRIVACY POLICY AND COOKIES

General information:

1. The following Privacy Policy constitutes the realisation of obligation to inform specified in article 13 of the European Parliament and Council Regulation (UE) 2016/679, dated April 27th 2016, on the protection of individuals with regard to the processing of personal data and of the free flow of such data and repealing the directive 95/46/WE (hereinafter: “the GDPR”).
2. This Privacy Policy particularly contains: the rules regarding processing personal data by the Controller on the website, including the grounds, purposes and scope of processing personal data and the rights of people, to whom the data pertains, as well as information on the scope of use of cookies and analytical tools by the website.
3. The personal data within the website is processed by the Controller according to valid law provisions.
4. The Controller of your data is DEVSELITE GROUP sp. z o.o. based in Krakow, address: Beliny- Prażmowskiego 49A/6, 31-514 Krakow, entered into the District Court for Kraków – Śródmieście in Krakow, 11th Economic Department, under the KRS number 0000842003, NIP: 6751729288, share capital: PLN 10000.
5. You can contact the Controller:
   1. via mail to the mailing address specified in p. 4 of the Privacy Policy
   2. via e-mail, to the address iod@devselitegroup.pl
   3. by calling +48 571-525-098 or +48 571-525-099.
6. The Controller is taking all necessary steps to protect the best interest of the persons, to whom the data pertains, and is particularly responsible for guaranteeing that the collected data is:
   1. processed in accordance with the law;
   2. collected for specific and legal purposes and not processed further for other purposes;
   3. correct and adequate with regards to the purposes of processing;
   4. stored in a form allowing for identification of persons to whom the data pertains for no longer than it is necessary to realise the purpose of processing;
   5. processed in a manner which guarantees, through proper technical and organisational means, proper personal data safety, including protection against improper or illegal processing and an accidental loss, destruction or damage.
7. Considering the type, scope, context and purposes of processing, as well as varying probability and gravity of risk of violating rights of individuals, the Controller implements proper technical and organisational means to perform the processing according to this regulation and to be able to prove this compliance. These means are inspected and updated as necessary. The controller uses technical means that prevent unauthorised access and modification of data sent via the Internet.

Legal grounds, purposes and period of processing personal data:

8. The Controller is entitled to process personal data only in case and scope of fulfilling at least one of the following conditions:
   1. The person to whom the data pertains agreed to processing their personal data for one or more of the specified purposes.
   2. Processing is necessary to conclude and realise an agreement.
   3. Processing is necessary to realise the legal obligations of the Controller, including issuing and storing invoices and accounting documents.
   4. For the purposes of marketing, advertising of products and services of the Controller and direct marketing.
   5. For the purposes of potential defining, pursuing or defence against claims, ensuring safety of persons and property according to legally grounded best interest of the Controller.
9. Each processing of personal data by the Controller requires one of the grounds specified in p. 8 above.
10. The purpose, legal grounds, period and scope of the personal data processed by the Controller result from the given circumstances and can be characterised as follows:

    Purpose of processing data

    Taking action to enter into a contract or realise a concluded contract

    Legal grounds according to the GDPR/p>

    Art. 6 p. 1 b

    Period of processing data

    The data is processed for the period necessary for realisation, termination or expiration of a concluded contract in another way.

    Scope of processing data

    The broadest scope of processing: name and surname; e-mail address; telephone number; residence address/location of managing activity/headquarters, tax number (NIP)

    Purpose of processing data

    Marketing

    Legal grounds according to the GDPR

    Art. 6 p.1 a

    Period of processing data

    The data is processed until the person, to whom the data pertains, revokes the consent to process the data for the given purpose.

    Scope of processing data

    Broadest scope of processing: E-mail address

    Purpose of processing data

    Direct marketing

    Legal grounds according to the GDPR

    Art. 6 p. 1 f

    Period of processing data

    The data is processed for the period of existence of a legally grounded interest realised by the Controller, however for no longer than: for the period of expiration of claims towards a person to whom the data pertains, based on the economic activity managed by the Controller or for no longer than the expiration period of the claims towards the Controller. The expiration date is specified by the provisions of law, particularly by the civil code (the default expiration period for claims regarding managing economic activity is 3 years). The Controller may not process the data for the purpose of direct marketing if the person to whom the data pertains expresses effective objection in this scope (art. 21, p. 2 of the GDPR)

    Scope of processing data

    Broadest scope of processing: E-mail address

    Purpose of processing data

    The Controller’s duties specified by the law, including issuing and storing accounting documents

    Legal grounds according to the GDPR

    Art. 6 p. 1 c

    Period of processing data

    The data is processed for the period specified in the provisions of law, that oblige the Controller to store the tax ledgers (until the tax liabilities expire, except if the tax regulations specify otherwise)

    Scope of processing data

    Broadest scope of processing: Name and Surname; residence address/location of managing activity/headquarters, name of company and tax number (NIP)

    Purpose of processing data

    Defining, pursuing or defence against claims, ensuring safety of persons and property according to legally grounded best interest of the Controller

    Legal grounds according to the GDPR

    Art. 6 p. 1 f

    Period of processing data

    The data is processed for the period of existence of a legally grounded interest realised by the Controller, however no longer than: for the period of expiration of claims towards a person to whom the data pertains, based on the economic activity managed by the Controller or for no longer than the expiration period of the claims towards the Controller. The expiration date is specified by the provisions of law, particularly by the civil code (the default expiration period for claims regarding managing economic activity is 3 years).

    Scope of processing data

    Broadest scope of processing: Name and Surname; telephone number; e-mail address; residence address/location of managing activity/headquarters; tax number (NIP)

Recipients of personal data:

11. The Controller may disclose your personal data to the following categories of recipients only if it is necessary for the realisation of the given purpose of processing and only in the scope necessary for its realisation:
    1. Entities entitled to it on the grounds of the generally applicable regulations.
    2. The Controller’s suppliers of technical, IT and organisational solutions, which allow the Controller to manage economic activity (particularly: website management software providers, e-mail and hosting providers as well as company management software providers and providers of technical support to the Controller). The Controller discloses the collected personal data to the selected provider acting at their order only in case and scope necessary to realise the given purpose of processing compliant with this Privacy Policy.
    3. The providers of legal, accounting, advisory services, providing the Controller with accounting, legal or advisory support. The Controller discloses the collected personal data to the selected provider acting at their order only in case and scope necessary to realise the given purpose of processing compliant with this Privacy Policy.
    4. The entities processing the data on behalf of the Controller, i.e. to the entities, which process the data as subcontractors on the grounds of an agreement and only in the scope indicated by the Controller.
    5. Other entities, if it results from the content and type of correspondence.

Personal data profiling:

12. On their website, the Controller may use profiling for the purpose of direct marketing, but the decisions made by the Controller on its grounds do not pertain to concluding or refusal to conclude an agreement. With use of Google Analytics, the Controller may know the: type of browser, computer system, browser language, time spent on the given web page of the website, demographical data (gender, estimated age of the person), location data (country, voivodeship, sometimes particular city), while with the help of hosting provider the Controller may additionally specify the IP of the User visiting the website.
13. The results of profiling by the website may include: sending an offer for a product or service, which offer may correspond to the interests and preferences of the given person. In spite of the profiling, the person makes free decision regarding concluding an Agreement with the Controller.
14. Profiling within a website consists of an automatic analysis of the given person’s behaviour on the web page of the website, e.g. by browsing the web page of a particular product/service on the website, or by an analysis of the history of actions taken on the website.
15. The person to whom the data pertains has the right to refrain from the decision, which is based only on automatic processing, including profiling, and induces legal consequences for the given person or influences the person in another similar and significant manner.

The rights of persons to whom the data pertains:

16. The persons to whom the data pertains have the following rights:
    1. The right to access the content of personal data and to obtain information regarding e.g. the categories of data, purposes of its processing, as well as obtaining a copy thereof.
    2. The right to amend incorrect data and complement missing data, as well as to be forgotten, which means the right to delete the data processed without grounds or illegally (e.g. the data is not necessary for the purposes for which they were collected)
    3. The right to revoke the consent at any moment without affecting the legality of the processing performed based on the consent before it was revoked (if the processing is performed on the grounds of art. 6 p. 1 a of the GDPR).
    4. The right to object to processing personal data based on art. 6 p. 1e of the GDPR (public interest or authority) or art. 6 p. 1f of the GDPR (legally grounded interest of the Controller), due to reasons related to a particular situation of the person to whom the data pertains. In such case the Controller may not process this personal data, except if the Controller proves the existence of valid legal grounds for processing, that would prevail over the interests, rights and freedom, to whom the data pertains, or grounds to define, pursue or defend claims.
    5. The right to object to direct marketing in the scope where the processing is related to direct marketing.
    6. The right to transfer the data in an automated way, which means that it is possible to demand that the Controller sends the personal data directly to another controller, provided it is technically possible.
    7. The right to file a complaint to the President of the Personal Data Protection Office, if the user considers the processing of personal data violates the provisions of the GDPR.
17. 17. For the purposes of realisation of the rights specified in p. 16 of this Privacy Policy, the Controller can be contacted through a written message or via e-mail to the Controller’s address, specified in the preamble to this privacy Policy, or with use of the contact form available on the website..

Cookies and analytics:

18. Cookies files are information in text files, sent by the server and stored with the person visiting the website (e.g. on the computer’s/laptop’s hard drive or memory card of a smartphone – depending on what device is used by the visitor to the website).
19. The Controller may process data stored in Cookies during the visits to the website with the following purposes:
    1. Customising the content of web pages to the customer’s individual preferences (e.g. with regards to colours, font size, website layout) and optimising the use of web pages.
    2. Managing anonymous statistics of the use of the web page of the website.
    3. Improving the quality of services of the website.
20. By default, most browsers available on the market accept storing Cookies. Everyone can specify the conditions of using Cookies by adjusting settings of their browser. This means that it is possible for example to limit (e.g. temporarily) or completely block storing of Cookies – in the latter case it may affect some of the functionalities of the website.
21. The Cookies settings of the website are significant from the perspective of consent to the use of Cookies by the website – according to the law such consent may also be provided by the settings of the browser. In order for the consent not to be provided, the Cookies setting of the browser must be changed accordingly.
22. Detailed information on changing the Cookies settings and their removal from the most popular browsers can be found in the support tabs of browsers.
23. The Controller uses the services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These services help the Controller to analyse the traffic on the website. The stored data is processed in an anonymised way (this is so called exploitation data, which allows for identifying the person) to generate the statistics supporting the administration of a website. This data is collective and anonymous data, that is it does not contain any identifying characteristics (personal data) of the person visiting the website. With use of the aforementioned services on the website, the Controller collects such data as: the mode of behaviour of the visitors to the website, information on the devices and browsers used to visit the website, geographical and demographical data (age, gender), IP.
24. It is possible to easily block sharing the information on activity on the website with Google analytics – to this end the user can install a browser extension offered by Google Inc, to be downloaded here: https://tools.google.com/dlpage/gaoptout?hl=pl.
25. The Controller may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service allows the Controllers to measure the effectiveness of advertisements and to discover what actions the visitors to the website take, as well as to display corresponding advertisements to the users. Managing Facebook Pixel is possible by advertisement settings on your Facebook account.