This Policy is informative and fulfils the information obligations imposed on the data controller by GDPR i.e. Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
1. PERSONAL DATA CONTROLLER
1.1 Personal data shall be controlled by the service provider, i.e. Giganci Programowania sp. z o.o. with its registered office in Warsaw (00-509), at ul. Krucza 46/LU3, National Court Register - KRS 0000687990, Tax Identification Number - NIP 7010705680, with a share capital of PLN 5,000.00.
1.2 Controller contact data: 12.09.2022
2. DATA PROCESSING METHOD
2.1. The scope, purposes and legal basis for processing personal data are presented in the table below.
|Purpose of processing||Scope of data||Legal basis for the processing||Data processing period|
|Enabling the Application||with regard to the User: name, e-mail address, telephone number; with regard to the Participant: name, age, postal code||Article 6(1)(b) of GDPR - authorisation to process data necessary to take action to conclude a contract||until the conclusion of the contract or the expiry of a limitation period for claims resulting from failure to conclude the contract|
|correspondence in the form of emails||e-mail address, name, other personal data voluntarily provided by the data subject||article 6(1)(f) of GDPR - legitimate interest of the controller to handle enquiries and correspondence directly addressed by data subjects||until the end of the correspondence or the data subject objection|
|providing access to the Website||IP Address||Article 6(1)(b) of the GDPR - legal authorisation to process data necessary to perform the contract||until the expiry of the limitation period for claims relating to website access|
|testing traffic on page||IP address, cookies [third parties’ tools cookies: Facebook Pixel, Linkedin, Google Analytics, Adwords, LiveChat, CallPage, Twitter; a cookie that stores a user's discount code]||Article 6(1)(a) of the GDPR - consent of the data subject||until the data is no longer relevant or the data subject withdraws consent|
|rotection against claims, referral of claims||e-mail address, name, other data voluntarily provided by the data subject||Article 6(1)(f) of the GDPR - legitimate interest of the controller in protecting against claims and directing claims||until the expiry of the period of limitation for claims relating to website access and users' actions on the website calculated from the time of the user's last visit to the website|
|recording the progress of organized courses||image||Article 6(1)(f) of GDPR - legitimate interest of the controller consisting in i) undertaking marketing activities; ii) developing teaching materials||until the data is no longer relevant or the data subject’s objection|
2.2. If the Service Provider were to transfer any personal data to a third country (i.e. outside the European Economic Area), it shall inform of the fact the data subject as well as indicate the legal basis for such action.
2.3. In the case of transfer of personal data to a third country, the Service Provider will verify the safeguards applied by the data recipient in order to confirm that the security and integrity of the data are ensured by the recipient and that the rights of the data subjects in the country of the data recipient are respected.
2.4. The Service Provider performs profiling for marketing purposes, i.e. to present a personalized offer to the data subject. The Service Provider does not make automated decisions based on the personal data processed. The data subject shall be entitled to object to profiling.
3. DATA RECIPIENTS
3.1. The Service Provider may contract third parties to process personal data in order to carry out specific activities. Then the recipients of individual data may be: the hosting provider for the Service Provider, the provider of the instant messenger, the company providing technical support, the provider of the e-mails service, the legal office, the accounting office.
3.2. Personal data collected by the Service Provider may also be made available to: relevant State authorities upon their request on the basis of relevant provisions of law or to other persons and entities - in cases provided for by law.
3.3. Each entity to which the Service Provider provides personal data for processing on the basis of a personal data processing agreement (hereinafter "Processing Agreement") shall guarantee an appropriate level in terms of security and confidentiality of personal data processing. The entity processing personal data of data subjects on the basis of the Processing Agreement may process them through another entity only on the basis of prior consent of the Service Provider.
3.4. The Service Provider may share Users' and Participants' personal data with the Organizers. The purpose of such access is to enable the Organizers to conclude and then perform the concluded agreement.
3.5. Each Organizer to whom we provide personal data of Users and Participants applies appropriate technical and organizational security measures to guarantee the security and integrity of data. Moreover, each Organizer shall fulfil the information obligation towards the Users and Participants, i.e. provide them with information concerning the grounds, principles and purposes of the processing of their data, as well as their rights.
4. RIGHTS OF THE DATA SUBJECT
4.1. Every data subject has the right to: (a) have personal data collected about them deleted both from the system belonging to the Service Provider, as well as from databases of entities which the Service Provider cooperates or has cooperated with, (b) have the processing of data limited, (c) transfer personal data collected by the Service Provider, including the right to receive them in a structured form, (d) demand from the Service Provider access to their personal data and their correction, (e) object to processing, (f) withdraw the consent granted to the Service Provider at any time without affecting the legality of processing which was performed on the basis of consent before its withdrawal; (g) lodge a complaint against Service Provider to the supervisory authority (President of the Office for Personal Data Protection).
5. OTHER DATA
5.1. The Service Provider may store http queries, and therefore some information may be stored in server log files, including the IP address of the computer which the request was received from, the name of the station of the data subject - identification via the http protocol, if possible, the date and system time of registration on Service Provider’s website and receipt of the request, the number of bytes sent by the server, the URL address of the page previously visited by the data subject if he/she entered the website of the Service Provider using a link, information about the browser, information about errors that occurred during the http transaction. Logs may be collected as material for the proper administration by the Service Provider. Only persons authorized to administer the information system have access to the information. The log files may be analyzed to compile statistics about the traffic on the Service Provider's website and the errors that occur. A summary of such information does not identify an individual.
6.1. The Service Provider shall apply technical and organizational measures to protect the processed personal data accordingly to the threats and the category of data protected and in particular, it shall protect technical and organizational data against removal or access by unauthorized persons, processing in breach of the Act and change, loss, damage or destruction. The collected personal data is stored on a secure server and the data is also protected by the Service Provider's internal procedures on personal data processing and information security policy.
6.2. The Service Provider has also implemented appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and to give the processing the necessary safeguards to meet the requirements of the GDPR and to protect the rights of data subjects.
6.3. At the same time the Service Provider points out that the use of the Internet and services provided electronically may be threatened by the ingress of malicious software (malware) to the ICT system and the user's device, as well as unauthorized access to data, including personal data, by third parties. In order to minimize these risks, the data subject shall apply appropriate technical safeguards, e.g. up-to-date anti-virus software or software protecting his/her identification on the Internet. In order to obtain detailed and professional information on maintaining security on the Internet, the Service Provider recommends consulting entities specializing in this type of IT services.
7.1. In order for the website to function properly, the Service Provider uses cookie technology. Cookies are packages of information stored on user's device via the Service Provider, usually containing information consistent with the purpose of the file by means of which the user accesses the website of the Service Provider - these are usually: the address of the service, the date of placing, the expiry date, a unique number and additional information consistent with the purpose of the file.
7.2. The Service Provider uses two types of Cookies: (a) session cookies, which are deleted permanently when the user's browser session ends; (b) persistent cookies, which remain on the user's device after the end of the browser session until they are deleted.
7.3. Based on cookies, both session and persistent, it is not possible to determine the identity of a user. The Cookies mechanism does not allow any personal data to be collected.
7.4. Cookies of the Service Provider are safe for the device of a given user, in particular they do not allow viruses or other software to enter the device.
7.5. Files generated directly by the Service Provider cannot be read by other sites. External Cookies (i.e. Cookies placed by entities cooperating with the Service Provider) can be read by an external server.
7.6. The user in question can change his/her cookie settings at any time, specifying the conditions for storing cookies, through the settings of his/her web browser or by configuring the service.
7.7. First of all, a given user may disable the storing of Cookies on his/her device in accordance with the instructions of the browser's manufacturer, but this may result in unavailability of some or all functions of the Provider's website.
7.8. The User may also delete the cookies stored on his/her device at any time in accordance with the instructions of the browser manufacturer.
7.9. The Service Provider uses its own Cookies for the following purposes: the configuration of the website and adapting the content of the pages to the preferences or behavior of the User; analysis and study of the audience, the number of clicks and paths through the site to improve the design and organization of content on the site, time spent on the site, the number and frequency of visitors to the website of the Service Provider.
7.10. The Service Provider uses External Cookies for the following purposes: - creating (anonymous) statistics allowing to optimize the functionality of the Service Provider (Google Analytics) - creating statistics of advertisements and remarketing groups (Facebook Pixel, Linkedin, Twitter, Adwords) - making chat available to Users (LiveChat) - making instant callbacks available to Users (CallPage)
8. FINAL PROVISIONS