Privacy Policy and COOKIES

Privacy Policy and COOKIES

Definitions

1. Administrator – Generate 4 spółka z ograniczoną odpowiedzialnością sp.k. with its registered office in Warsaw (02-583) at Wołoska 9, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register under the number KRS 0000811892, NIP: 5213634547

2. Personal Data – information about an identified or identifiable natural person; an identifiable natural person is a person who can be directly or indirectly identified by one or more specific factors which define the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected via cookies and other similar technology.

3. GDPR – Regulation 2016/679 of the European Parliament and the Council of the EU dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE.

4. Policy – this Privacy and Cookies Policy.

5. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy, as well as a natural person to whom personal data processed by the Administrator pertain, e.g. visiting the Administrator’s premises or sending an e-mail inquiry to him.

6. Website – a website run by the Administrator at https://generate4.pl

Introduction

1. The purpose of this Policy is to define the rules, method of processing and use of Users’ Personal Data. The policy also contains information on the rights of natural persons with regard to the Personal Data provided by them. The legal basis of the Policy is Regulation 2016/679 of the European Parliament and the Council of the EU dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE, and also the Act on the Protection of Personal Data of May 10, 2018 (Journal of Laws of 2018, item 1000). This Policy is the implementation by the Administrator of the obligations arising from Articles 12 and 13 of the GDPR.

2. The policy applies to each website, application or service referring to this information, as well as to data provided through them, by phone, e-mail or in person at the Administrator’s office. Please note that when leaving the Administrator’s Website, the User enters the area where the Policy does not apply. The administrator is not responsible for the privacy policy rules applicable on websites operated by other entities.

3. In connection with the economic activity conducted by the Administrator and the User’s use of the Website, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about the User’s activity on the Website. Detailed rules and purposes of processing Personal Data are described below.

Contact with the Administrator

In all matters related to the processing of Personal Data, you can contact the Administrator at the above-mentioned registered office address or via e-mail: kontakt@generate4.pl or by phone: +48 (22) 444 78 03.

Purposes and legal grounds for the processing of Personal Data

The Administrator processes Personal Data in accordance with the business profile, only for the purposes indicated below. If, due to legal provisions, the properties of the service or the need to settle it, there is a need to process other Personal Data of data subjects, the Administrator may process them to the necessary extent.

Use of the Website

Personal Data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies), are processed by the Administrator:

  1. in order to provide electronic services in the scope of making the content collected on the Website available to Users – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
  2. for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in conducting analyzes of Users’ activity, as well as their preferences in order to improve the functionalities used and the services provided;
  3. in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the Admininistrator’s legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of its rights;

The User’s activity on the Website, including his Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this respect the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) GDPR).

Contact form

The Administrator provides the possibility to contact him using electronic contact forms. Using the form requires providing Personal Data necessary to contact the User and answer the inquiry. The User may also provide other data to facilitate contact or handle the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to handle. Providing other data is voluntary.

The legal basis for the processing of Personal Data is the Administrator’s legitimate interest – Article 6 (1) (f) GDPR, consisting in providing message handling and answering questions arising from it.

Newsletter

The Administrator processes Users’ Personal Data in order to carry out marketing activities, which may consist in sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service).

The Administrator provides the newsletter service to people who have provided their e-mail address for this purpose. Providing data is required to provide the newsletter service, and failure to do so results in the inability to send it.

The legal basis for the processing of Personal Data is the legitimate interest of the Administrator

– Article 6 (1) (f) of the GDPR in connection with the consent to receive the newsletter.

E-mail and traditional correspondence

In the case of sending to the Administrator via electronic or traditional mail the correspondence which is not related to the services provided to the sender or other contract concluded with him, the Personal Data contained in this correspondence is processed only for the purpose of communication and resolving the matter to which the correspondence relates.

The legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in conducting correspondence addressed to him in connection with his business activity.

Telephone contact

In the event of contacting the Administrator by phone, in matters not related to the concluded contract or services provided, the Administrator may request Personal Data only if it is necessary to handle the case to which the contact relates. In this case, the legal basis is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the need to resolve a reported matter related to his business activity.

Processing of Personal Data of the Administrator’s customers or contractor’s staff members.

In connection with the conclusion of contracts as part of the business activity, the Administrator obtains from contractors / clients the data of persons involved in the implementation of such contracts (e.g. data of contact persons, persons performing orders, etc.). The scope of the transferred data is in any case limited to the extent necessary for the performance of the contract and usually does not include information other than name and business contact details.

Such Personal Data is processed in order to implement the legitimate interest of the Administrator and its contractor (Article 6 (1) (f) of the GDPR), consisting in enabling the correct and effective performance of the contract.

Data collection as part of business contacts

In connection with the conducted business activity, the Administrator collects Personal Data, e.g. during business meetings or by exchanging business cards – for purposes related to initiating and maintaining business contacts.

Such Personal Data is processed in order to implement the legitimate interest of the Administrator and his contractor (Article 6 (1) (f) of the GDPR) consisting in creating a network of contacts in connection with the conducted business activity.

Fulfillment of legal obligations imposed on the Administrator

The Administrator processes Users’ Personal Data in connection with the implementation of legal obligations imposed on him, regarding, among others, keeping accounting and accounting records, as well as exercising the rights of data subjects.

Such Personal Data is processed on the basis of Article 6 (1) (c) of the GDPR – processing is necessary to fulfill the legal obligation incumbent on the Administrator.

Establishing, pursuing claims and defense against claims

In order to establish, pursue claims and defend against claims, including documenting the objections raised against the processing of personal data, the Users’ Personal Data that have been provided to the Administrator will be processed.

The legal basis for the processing of Personal Data is Article 6 (1) (f) of the GDPR, which allows the processing of personal data for the purpose of possible determination, investigation or defense against claims, which is the implementation of the Administrator’s legitimate interest.

Recipients of Personal Data

The recipients of Personal Data entrusted to the Administrator by the data subjects are the following entities to which Personal Data is transferred to the minimum extent necessary to achieve the purpose(s) for which the data was obtained:

  • authorized personnel of the Administrator;
  • entities processing Personal Data on behalf of the Administrator (e.g. accounting office, technical service providers, hosting service providers);
  • competent authorities authorized in accordance with applicable law.

The Administrator declares that he or she does not sell, disclose or transfer Personal Data collected for processing to other persons or institutions, unless it is done with the express consent or at the request of the data subjects, or at the request of state authorities authorized under the Act for the needs of their proceedings or activities related to security or defense, for tasks specified by law for the public good, when it is necessary to fulfill legally justified goals of the Administrator.

Transferring Personal Data outside the European Economic Area (EEA)

Due to the fact that the Administrator uses applications whose servers are located outside the EEA, personal data obtained in connection with the use of websites by Users may be transferred to third countries. Therefore, the Administrator made sure to use only suppliers who guarantee a high level of personal data protection. These guarantees result in particular from the participation of suppliers in the “Privacy Shield” program established by the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of protection provided by the EU-US Privacy Shield.

The period of processing Personal Data

The Administrator processes the obtained Personal Data for the period necessary to achieve the purpose(s) for which they were provided. The period of data processing is related to the purposes and grounds for their processing, therefore:

  • data processed on the basis of statutory (tax) requirements will be processed for the period in which the law requires the data to be stored;
  • when the basis for processing is the performance of the contract, then the data is processed by the Administrator as long as it is necessary to perform the contract;
  • data processed on the basis of the legitimate interest of the Administrator will be processed until an objection is effectively submitted by the data subject or the interest ceases to exist. The data processed for the purpose of pursuing or defending against claims will be processed for a period equal to the period of limitation of these claims;
  • data processed on the basis of consent will be processed until the consent expressed by the data subject is withdrawn;

The data processing period may be extended if the processing is necessary to establish or pursue claims or defend against claims, and after this period – only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.

Cookies

Cookie files (cookies) are small files sent by a web server to the User’s browser and stored on his computer. Cookies help the Administrator analyze web traffic and recognize which part of the Website has been visited. Cookies in no way allow the Administrator to access the computer or information about Users, except for information on how the Website was used and Personal Data that Users provide automatically due to browser settings.

The administrator uses session and permanent cookies. Session cookies are temporary files that are stored on the User’s end device until logging out or leaving the website. Persistent cookies allow the Administrator to recognize your browser during the next visit to the websites administered by the Administrator and adapt the websites to the needs of Users (e.g. remembering the preferred language or font size), as well as for statistical purposes. Persistent cookies remain in the memory of your peripheral device until they are deleted. By using the Website, the User agrees to place cookies on his computer or other device for the above-mentioned purposes. If the User does not agree to receive cookies, they can manage and control them through the settings of their browser. However, it should be remembered that deleting or blocking cookies may affect the way the Administrator’s Website is used.

In order to monitor and improve the Website, aggregate information about Users is collected when browsing the Website, including details about the operating system, browser version, domain name, IP address, the User’s URL from which the User goes to the Administrator’s website and where he or she goes, and which subpages of the website have been visited.

The administrator may keep general statistics, collect website traffic data and information about related websites and share this aggregate data with third parties for marketing, advertising or other promotional purposes, but this aggregate data does not contain any Personal Data. For statistical purposes, the Administrator uses the services of such providers as: Google Analytics.

You can disable or restore the option of collecting cookies at any time by changing the settings in your web browser. The cookies management instructions are available at: http://www.allaboutcookies.org/manage-cookies.

Below we also present how you can change the settings of popular web browsers in the use of cookies:

  • Internet Explorer” https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
  • Microsoft EDGE: https://privacy.microsoft.com/pl-PL/windows-10-microsoft-edge-and-privacy
  • Mozilla Firefox: https://support.mozilla.org/pl/kb/ciasteczka
  • Chrome: https://support.google.com/chrome/answer/95647?hl=pl
  • Safari: https://support.apple.com/pl-pl/HT201265
  • Opera: https://help.opera.com/pl/latest/web-preferences/

Data Subject Rights

The Administrator exercises the rights of data subjects related to the processing of their Personal Data. In particular, each data subject has the right to:

  • access to your Personal Data,
  • rectification of Personal Data,
  • deletion of data (“the right to be forgotten”),
  • restrictions on the processing of Personal Data,
  • object to the processing of Personal Data.

If the basis for the processing of Personal Data is the legitimate interest of the Administrator, the data subject has the right to object at any time to the processing of Personal Data, without the need to justify their decision, especially where the legitimate interest consists in conducting activities related to direct marketing.

The consent expressed by data subjects via the websites may be withdrawn at any time, which will not affect the lawfulness of the processing of data that was carried out before its withdrawal.

The administrator informs that there is no obligation to delete data (i.e. to exercise the “right to be forgotten”) in the event that data processing is necessary for:

  • exercising the rights and freedoms of expression and information,
  • compliance with the legal obligation to process under European Union or Polish law,
  • archival purposes in the public interest, scientific or historical research purposes or statistical purposes,
  • to establish, assert or defend claims.

The above rights, as well as the intention to withdraw consent, may be implemented by sending a relevant request by e-mail to the Administrator’s e-mail address: kontakt@generate4.pl or by letter to the address of the Administrator’s seat provided in Section 1 of the Policy.

Whenever it is found that the rights of a natural person under the law and the Policy are violated, Users have the right to complain to the Personal Data Protection Office based in Warsaw at Stawki 2.

Security of Personal Data

The Administrator ensures the security of Personal Data against unauthorized disclosure to unauthorized persons, interception of data by unauthorized persons, destruction, loss, damage or alteration, and processing of Personal Data in a manner inconsistent with the provisions of the GDPR.

In order to secure the entrusted Personal Data, the data Administrator takes technical and organizational measures that meet the requirements of the GDPR, in particular the measures listed in Article 24 and 32 of GDPR, ensuring the confidentiality, integrity and availability of the processing services for Personal Data provided.

Automated decision making and profiling

Your data may be processed by the Administrator in an automated manner, including in the form of profiling. However, decisions related to an individual connected with this processing will not be automated.

Final Provisions

In matters not covered by this Policy, EU and national provisions on the protection of personal data should apply.

Policy was last updated: 9 October 2020.