I. GENERAL INFORMATION AND DEFINITIONS
Kontomatik is a brand of Kontomierz.pl Sp. z o.o. (registered office address: ul. Prosta 32,
" or "
" - Kontomierz.pl Sp. z o.o. (registered office address: ul. Prosta 32,
00-030 Warsaw, Poland), entered in the Register of Entrepreneurs of the National Court Register, kept by the District Court for the capital city of Warsaw, XIII Commercial Division of the National Court Register, under KRS number: 0000338706, NIP: 5213542911, REGON: 142043500, share capital: PLN 42 000, electronic mail address: [email protected], website: kontomatik.com.
- " Personal Data " - any information relating to a natural person identified or identifiable in reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier as well as information collected by means of cookies or other similar technology.
- "GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- " Website " - our website run at kontomatik.com.
- " User " or " You " - any natural person visiting our Website or using any services or functionalities described in the Policy.
II. Personal Data processing related to Website use
We are a company having its registered office in the European Union. We protect your Personal Data pursuant to the provisions of GDPR.
We process your Personal Data as well as information about your activity on the Website in the scope necessary to make it possible for your to use our Website and services. Detailed principles and purposes of processing of Personal Data collected when you use our Website are presented below.
III. PURPOSES AND LEGAL BASES FOR DATA PROCESSING ON THE WEBSITE
Use of the Website
In order to browse our Website, you do not have to log in or provide any data identifying you directly (such as name, surname or address). However, we collect that which in certain cases, especially in combination with other data, can allow for your identification (Personal Data) such as IP addresses or other identifiers as well as information collected by means of cookies or similar technologies. These data are processed for the following purposes:
- for the purpose of providing services in an electronic form consisting in sharing content collected on our Website with you - the legal basis for processing of the Personal Data is necessity of processing for the purpose of contract performance (Art. 6 section 1 letter b GDPR);
- for analytical and statistical purposes - the legal basis for processing of the Personal Data is our legitimate interest (Art. 6 section 1 letter f GDPR) consisting in carrying out analyses of Users' activities as well as their preferences for the purpose of improvement of functionalities and provided services;
- for the purpose of potential establishment and seeking of claims (e.g. if you commit unlawful acts in connection with use of he Website) or defence against claims - the legal basis for processing of Personal Data is our legitimate interest (Art. 6 section 1 letter f GDPR) consisting in protection of our rights;
- for marketing purposes of the Controller and other entities - principles of Personal Data processing for marketing purposes are described in the section " MARKETING ".
Your activities on the Website, including certain Personal Data (e.g. IP number), are recorded in system logs (i.e. a special computer program applied for chronological storing of records containing information about events and activities regarding the IT system used to make the Website available to you). The information collected in the logs is processed by us mostly to make the Website available to you. We process these data also for technical and administrative purposes, to ensure security and management of our IT system as well as for analytical and statistical purposes. In this scope, the legal basis for processing of Personal Data is our legitimate interest (Art. 6 section 1 letter f GDPR).
In certain places on our Website, you are provided with the option to contact us using various electronic contact forms (e.g. request for demo, contact form).
To use the contact form, you have to provide Personal Data necessary for us to handle your enquiry and contact you to reply to it and make the content requested available to you. Other data can be also provided in the form to facilitate contact and enquiry service. Providing Personal Data marked as required is necessary to accept the enquiry for processing, and failure to provide them makes submitting the enquiry impossible. Providing other data is voluntary.
The Personal Data are processed:
- for the purpose of identification of the sender and handling of the enquiry sent via the contact form - the legal basis for processing of Personal Data is the Controller's legitimate interest consisting in replying to the User's enquiry (Art, 6 section 1 letter f GDPR);
- for analytical and statistical purposes - the legal basis for processing of the Personal Data is the Controller's legitimate interest (Art. 6 section 1 letter f GDPR) consisting in keeping statistics of enquiries submitted by the Users via the Website for the purpose of improving of its functionalities.
We make the form allowing to subscribe to our newsletter available on the Website. It is addressed mainly to the representatives of press, media, bloggers as well as other persons who are interested in receiving news and notifications from us. The newsletter consists in periodical sending to the provided e-mail address of notification regarding interesting content related to our activities that could also in some cases contain marketing (commercial information) and PR content.
To subscribe to the newsletter, you have to provide your e-mail address. Failure to provide the e-mail address precludes subscribing to the newsletter. You can resign from the newsletter at any time contacting us (e.g. by e-mail) or using the special link provided in the footer of the received newsletter message.
As regards the newsletter, your Personal Data are processed:
- for the purpose of newsletter service provision - the legal basis for processing of the Personal Data is necessity of processing for the purpose of contract performance (Art. 6 section 1 letter b GDPR);
- in case of providing marketing content within the framework of the newsletter - the legal basis for processing of Personal Data, including profiling, is our legitimate interest (Art. 6 section 1 letter f GDPR) in connection with newsletter subscription;
- for analytical and statistical purposes - the legal basis for processing of the Personal Data is our legitimate interest (Art. 6 section 1 letter f GDPR) consisting in carrying out analyses of Users' activities on the Website for the purpose of improvement of applied functionalities;
- for the purpose of potential defence against claims (e.g. in connection with a complaint regarding the newsletter) - the legal basis for processing of Personal Data is our legitimate interest (Art. 6 section 1 letter f GDPR) consisting in protection of our rights.
We may process the User's Personal Data for marketing purposes. Such activities can consist in:
- displaying marketing content (advertisements) to the User that are not customised to his or her preferences (contextual advertisement);
- displaying marketing content (advertisements) to the User that are customised to his or her interests (behavioural advertisements);
- sending e-mail notifications regarding interesting offers or contents which, in certain cases, contain commercial information (newsletter);
- conducting other types of activities related to direct marketing of goods or services (sending commercial information by electronic mail or telemarketing activities), provided that the user granted his or her consent for use of a specific means of communication for marketing purposes (e.g. e-mail, text message/MMS, telephone).
For the purpose of marketing activities, in certain cases we use profiling. This means that based on automated data processing we assess selected factors regarding natural persons for the purpose of analysis of their behaviour or creation of projections for the future. These activities allow, for instance, to display advertisements adjusted to the User's preferences.
We process Personal Data of the Users for marketing purposes in relation to addressing contextual advertisements to them (i.e. advertisement not customised according to the User's preferences but adjusted to the content of the page on which it is published - e.g. advertisement of a financial product on a page regarding finances). In such a case, processing of Personal Data is carried out in relation to a legitimate interest of the Controller, i.e. marketing (Art. 6 section 1 letter f GDPR).
The Controller and its trusted partners process the Users' Personal Data, including Personal Data collected by means of cookies and similar technologies, for marketing purposes related to addressing behavioural advertisements to the Users (i.e. advertisements customised according to the User's preferences based, for instance, on the content he or she viewed earlier). In such a case, processing of Personal Data includes also User profiling. Using the Personal Data collected by means of the said technology for marketing purposes, especially in the scope of promoting services and goods of third parties, requires your consent. This consent can be withdrawn at any time.
We may also use the Users' Personal Data to address marketing content to them via various channels (e.g. electronic
mail, MMS/text message or telephone). Such activities are taken only if the User granted his or her consent for them, and such a consent can be withdrawn at any time.
We process Personal Data of Users visiting Kontomatik's social media profiles (Facebook, Twitter, YouTube). These data are processed exclusively in relation to running the profile, including informing the Users about our activity and promoting various types of events, services and products. The legal basis for processing of Personal Data for this purpose is the legitimate interest (Art. 6 section 1 letter f GDPR) consisting in promotion of our brand.
Cookies are small text tiles installed on the devices of the User browsing the website. Cookies collect information facilitating the use of websites (e.g. remembering User's visits on the Website and activities performed by him or her, such as confirming familiarisation with the policy privacy notification). Cookies usually contain the name of the page the originate from, storage time in the User's device and a unique identifier.
We use the so-called service cookies mainly to supply services through the Website and to improve their quality. Service cookies are used, among other things, for the purpose of optimisation of the Website pages (in particular, these files allow to identify your device and properly display the website, adjusted to your device settings). Service cookies are used to for the purpose of statistics generation that help us understand how the users of the Service use pages of the Website which, in turn, allows to improve their structure and content.
- cookies with data provided by the User (session identifier) for the duration of the session,
- cookies used to ensure security, e.g. used to detect abuse,
- multimedia player session cookies (e.g. flash player cookies) for the duration of the session,
- persistent user interface customisation cookies for the duration of the session or slightly longer,
- cookies used for monitoring of the traffic on the Website pages (the so-called data analytics), including Google Analytics (these are files used by the Google corporation to analyse the method of use of the Website by the User, to create statistics and reports regarding Website functioning). Googles does not use the collected data for User identification and does not link information for the purpose of identification. For detailed information about the scope and principles of data collection in relation to this service, visit: https://policies.google.com/technologies/partner-sites?hl=en.
Saving cookies on the User's device and gaining access to them requires your consent. This consent can be withdrawn at any time.
You can also change the Google advertising settings ( http://www.google.com/settings/ads ).
VI. PERSONAL DATA PROCESSING PERIOD
The period of Personal Data processing depends on the type of provided service and purpose of processing. In principle, we process Personal Data for the time of service provision (if data are processed for the purpose of service provision), until the consent granted is withdrawn (in case of processing based on consent) or until an effective objection against data processing is lodged (if the legal basis for data processing is a legitimate interest).
The Personal Data processing period can be extended if processing is necessary to establish and enforce potential claims or defend against them, and upon lapse of the said time Personal Data can be processed only in the scope necessary to perform the obligations imposed on us by the law. Upon lapse of the processing period, the data are irreversibly erased or anonymised.
VII. USER'S RIGHTS
In connection with processing of your Personal Data by us, you have the following rights:
- Requesting access to your Personal Data, their rectification , erasure or restriction of processing.
- Lodging objection against processing of your Personal Data carried out on the basis of a legitimate interest (e.g. in relation to analytical and statistical purposes) at any time - due to reasons related to your special situation. In such a case, we are no longer allowed to process such Personal Data, unless we can demonstrate existence of legitimate bases for processing (overriding your interests, rights and freedoms) or bases for establishment, enforcement or defence of claims.
- Lodging objection against processing of your Personal Data for marketing purposes (including profiling for marketing purposes) carried out on the basis of a legitimate interest at any time. In such a case, we are no longer allowed to process your Personal Data for such purposes.
- In the scope in which your Personal Data are processed by us on the basis of your consent, you can withdraw such a consent at any time contacting us (e.g. to the e-mail address or correspondence address specified in the Policy). Withdrawal of the consent does not affect lawfulness of processing carried out based on the consent prior to its withdrawal.
- As regards your Personal Data processed by us in an automated manner for the purpose of contract performance or based on a consent, you have the right to transfer the Personal Data provided by you, i.e. the right to receive your Personal Data from us in a structured, commonly used format suitable for machine (computer) reading. You can send the said data to another entity or demand that we send such data to another entity (provided, however, that it is technically feasibly both on our and the third-party entity's part). The right to data mobility cannot affect the rights or freedoms of others.
- Lodging a complaint to the supervisory authority for personal data protection (especially in the member state proper for your permanent residence, your place of work or place of alleged breach) if you believe that processing your Personal Data by us is in breach of GDPR.
VIII. DATA RECIPIENTS
Personal Data provided by the Users will be disclosed in the necessary scope to third-party entities whose services we use, including IT service providers.
The User's Personal Data can be also disclosed in the necessary scope to the competent public authorities or third parties who request provision of such information referring to a legitimate legal basis and in accordance with the law.
IX. TRANSFERRING DATA TO NON-EEC JURISDICTIONS
Our company is located within the European Economic Area. The level of safeguarding of Personal Data outside the European Economic Area (EEA) differs from the level ensured by the EU law. For this reason, we transfer Personal Data outside EEA only in the scope necessary to use services of non-EEA entities and only when an adequate level of safeguarding is ensured, mostly through:
- cooperation with entities processing Personal Data in countries in relation which a relevant adequacy decision has been issued by the European Commission;
- use of standard contractual clauses regarding Personal Data protection issued by the European Commission;
- use of binding corporate rules regarding Personal Data protection approved by the competent supervisory authority;
- in case of transferring data to the United States of America (USA) - cooperation with entities participating in the Privacy Shield programme approved by way of decision of the European Commission.
The intention to transfer Personal Data outside EEA is communicated at the stage of their collection.
X. PERSONAL DATA SECURITY
We carry out risk analysis on an on-going basis in order to ensure that Personal Data are processed by us in a safe manner - ensuring, first and foremost, that Personal Data can be accessed only by authorised persons and only in the scope necessary due to tasks performed by them. We also make sure that all operations on Personal Data are recorded and performed only by authorised employees and collaborators.
We take all actions necessary to ensure that our subcontractors and other collaborating entities guarantee proper security and safeguarding measures in any case of processing of Personal Data based on our instructions.
XI. CONTACT DATA
You can contact us writing to the following e-mail address: [email protected] or sending a letter to the company's registered office address.
We have appointed the Data Protection Officer that you can contact by e-mail as regards any matter concerning processing of your Personal Data by us.
This Policy is subject to on-going review and updates, if needed. The current version of the Policy was adopted and is effective as of 24.05.2018.