Personal Data Controller
1. The personal data controller (hereinafter called the Controller) is HERODOT Sp. z o.o. with its registered office in Wrocław at ul. Powstańców Śląskich 7a, 53 – 332 Wrocław, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław – Fabryczna in Wrocław, VI Commercial Division of the National Court Register as KRS number 0000746298, Taxpayer Identification Number (NIP): 8971806431, National Business Registry Number (REGON): 361032055, for and on behalf of which act Kamil Rzeźnicki – President of the Management Board and Maria Mirek – Member of the Management Board.
2. The Controller processes Users’ personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as “GDPR”), the Act of 18.07.2002 – on the provision of electronic services and other generally applicable provisions of law.
3. In matters related to the User’s data, please contact the following e-mail address: email@example.com.
The guarantee of the protection of privacy and confidentiality of the Website Users’ personal data
The Controller and its affiliated companies attached great importance to the protection of privacy and confidentiality of the Website Users’ personal data, with due diligence selects and applies appropriate technical and organizational measures ensuring the protection and processing of personal data.
What information do we collect?
1. Users’ personal data is processed on servers that ensure their security. We make every effort to ensure that the data is processed in accordance with the purpose and scope of using our services available through the Website, including subpages, applications and other functionalities made available, so as to make the use of the Website as safe and convenient for Users as possible.
4. Providing data is voluntary, however failure to do so may prevent the use of the Controller’s or its affiliated companies offer.
5. The data will be processed for purposes related to the use of services available through the Website.
7. The user has the right to lodge a complaint with the supervisory body – the President of the Data Protection Office, if he considers that the processing of his personal data violates the provisions on the protection of personal data.
8. Based on the provisions of the GDPR, the Controller and/or its affiliated companies are entitled to process the User’s personal data in the following circumstances:
- The User agrees to the processing of the personal data;
- The processing of the User’s personal data will be necessary to fulfill the legal obligation incumbent on the Controller;
- When it is necessary for the purposes of the legitimate interests pursued by the Administrator or by third parties.
9. Period of personal data storage:
- Cookies: depending on the nature of the data, but no longer than 2 years from the moment the User gives his consent,
- Analytical data: in the case of consent until its withdrawal, restriction or other actions on your part limiting this consent,
- Other data: in the case of necessary data for the performance of the contract, for the duration of its performance and until the expiry of the limitation of claims under this contract.
10. Users’ personal data may be shared with the following entities:
- Employees and associates of the Controller who have been authorized for the processing of personal data;
- Entities processing data on behalf of the Controller;
- public authorities to whom the data will be transferred due to the conducted proceedings and on the basis of applicable law,
- The Controller also informs that the user’s data may be transferred within the corporate group that includes TISA LAB Sp. z o.o. with its registered office in Wrocław, HERODOT Sp. z o.o. with its registered office in Wrocław and TISA AG Ltd. with its registered office in Switzerland on the basis of agreements on personal data processing. In these cases, the data are processed in accordance with the Decision of the Commission of the European Communities of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland (2000/518/EC).
The Controller informs that it uses services offered by global service providers that are part of global organizations such as Notion Labs, Inc., Slack Technologies, Inc., Google LLC, Calamari sp. z o.o. sp. k., Dropbox, Inc., COING Inc. operating in the European Economic Area (“EEA”), which may transfer data to the United States. These companies offer cloud solutions to the Company and declare that they have implemented an adequate level of protection and appropriate safeguards under the GDPR. The processing of personal data also takes place on the basis of the European Commission’s standard contractual clauses, which are part of the agreements on data processing concluded between the Employer and the service providers. In relation to the above, the transfer of personal data to processors located outside the EEA takes place on the basis of one of the prerequisites set out in Article 49 of the GDPR, i.e. for the purpose of implementing the agreement concluded between the Contractor and the Principal, as well as contractual obligations arising from the agreement concluded by the controller in the interest of the persons whose data are processed in the aforementioned systems, including via email and using the IT solutions offered by the aforementioned providers. Due to the cancellation of the so-called Privacy Shield (“Privacy Shield”) on EU-US data flows and determining the adequate level of protection and due to the lack of adequate safeguards, the Employer informs that in the above cases it does not provide an adequate level of protection for personal data.
What rights are the Users entitled to?
The user is authorized to:
- Requests to obtain a copy of personal data or make it available at the headquarters of the Controller (Article 15 of the GDPR);
- Request for rectification of personal data (Article 16 of the GDPR);
- Request to delete your personal data (Article 17 of the GDPR), the so-called “The right to be forgotten”);
- Request to limit the processing of your personal data (Article 18 of the GDPR);
- Request to transfer your own personal data in a commonly used format to another Data Controller indicated by you (Article 20 of the GDPR);
- Raising an objection to the processing of personal data (Article 21 of the GDPR);
- Withdrawal of consent to the processing of personal data, provided that the processing takes place on the basis of a prior consent (Article 7.3 of the GDPR).
The User has the right to withdraw consent to the processing of data provided by the User at any time. The Controller, in the event of becoming aware of the withdrawal of consent, will immediately take steps to delete the stored data.
Data on website traffic is used for profiling and targeting advertisements on external websites – Facebook, Google, Instagram. They are based on non-specific criteria that make it impossible to identify a single user.
The website automatically collects data in cookie files;
- Cookies should be understood as IT data, in particular text files, stored in Users’ end devices intended for the use of websites;
- Cookies are used by the Controller only to operate the Website, including to recognize the User’s device and display the Website pages in a manner that is delivered to his individual needs, as well as to create anonymous Website statistics and improve the efficiency and effect of using the Website;
- Cookies are not used to obtain any personal data of Users;
- The user may consent to the storage of cookies by selecting consent.
Controlling and deleting cookies
The user can change the way cookies are used at any time. Most browsers offer the option of accepting or rejecting all cookies, only accepting certain types, or informing the user each time a website tries to save them. The user can also easily delete cookies that have already been stored on the device by the browser. The options for managing and deleting cookies vary depending on the browser used. You can find all the necessary information by using the Help function in your browser or by visiting the website http://www.aboutcookies.org/, where it is explained how to control and delete cookies in the most popular browsers. Remember that blocking all cookies may cause difficulties in operation or completely prevent the use of some of the website’s functionalities.
Information for mobile devices is available on the following pages: