Who processes personal data and for what purposes?
- The administrator of the personal data is Orbify Poland sp. z o. o., with its registered office in Krakow, ul. Kurniki 9 (31-156 Krakow), entered in the register of entrepreneurs under KRS no.: 000906360, REGON no.: 389222443, NIP no.: 6762598737 (hereinafter: the "Company"), which is the service provider of the Website, to the following extent:
THE DATA SUBJECT | PURPOSES AND LEGAL BASES OF DATA PROCESSING |
---|
Website User | the performance of the contract for the provision of electronic services through the Website on the basis of Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: the "GDPR"; analytical and statistical purposes to improve the applied functionalities and services provided through the Website, to ensure the smooth functioning of the Website and to clarify the circumstances of unauthorised use of the Website, which arise from the legitimate interests pursued by the Company, on the basis of Article 6(1)(f) the GDPR. |
Newsletter subscriber | to inform you about the Company's activities, relevant events, etc. - in the event that you voluntarily consent to the processing of your data on the basis of Article 6(1)(a) the GDPR. |
An individual visiting our account / funpage, within Youtube channel, or the social network: Twitter / Linkedin. | purposes deriving from the legitimate interests pursued by the Company, in particular in connection with the management of the Company's channel / account, including the provision of communication with the user, answering questions / comments, on the basis of Article 6(1)(f) the GDPR. |
A sole trader who has entered into a contract with the Company or has had pre-contractual action taken against him at his request | necessity for the performance of the contract concluded by that person with the Company or to take action at that person's request prior to the conclusion of the contract on the basis of Article 6(1)(b) of the GDPR; the necessity to fulfil the Company's legal obligations, in particular under tax law and accounting regulations on the basis of Article 6(1)(c) of the GDPR; purposes deriving from the legitimate interests pursued by the Company, in particular to ensure contact prior to the conclusion of the contract and during the term of the contract, as well as to establish, assert or defend against possible claims on the basis of Article 6(1)(f) the GDPR. |
Authorised representative, contact person or other person on the part of the entity that has entered into the contract with the Company or other person involved in the execution of the contract with the Company | purposes deriving from the legitimate interests pursued by the Company, in particular, ensuring contact with an entity that is party to a contract concluded with the Company, verifying that the person who contacts the Company is authorised to take action on behalf of that entity, the proper execution of a contract concluded with the Company and the establishment, investigation or defence against possible claims on the basis of Article 6(1)(f) the GDPR; the necessity to fulfil the Company's legal obligations, in particular under tax law and accounting regulations on the basis of Article 6(1)(c) of the GDPR. |
Applicant for employment with the Company / cooperation with the Company | Necessity for the implementation of the recruitment process pursuant to Article 22(1) of the Act of 26 June 1974. - Labour Code (Journal of Laws of 2018, item 917, as amended) - in the case of employment under an employment contract; the necessity to carry out the recruitment process and to take action at the request of the data subject prior to the conclusion of the contract on the basis of Article 6(1)(b) of the GDPR - in the case of employment under a civil law contract; Necessity for future recruitment processes on the basis of Article 6(1)(a) of the GDPR - in case you voluntarily consent to the processing of your personal data for the purposes necessary for future recruitment processes. |
Applicant for an internship with the Company | the necessity to carry out the recruitment process and to take action at the data subject's request before entering into a contract on the basis of Article 6(1)(b) of the GDPR; Necessity for future recruitment processes on the basis of Article 6(1)(a) of the GDPR - in case you voluntarily consent to the processing of your personal data for the purposes necessary for future recruitment processes. |
How can you contact us about data protection issues?
- In matters relating to the processing of personal data, the Company may be contacted electronically at: privacy@orbify.com.
To whom will personal data be transmitted?
- Recipients of personal data may be - only when necessary and to the necessary extent - entities cooperating with the Company in the scope of services provided to the Company and in support of the Company's current business processes, in particular entities providing IT services, accounting, postal or courier services.
How long will we process personal data?
- If the processing is based on freely given consent, the personal data will be stored until you withdraw your consent to process your personal data for specific, explicit and legitimate purposes. Consent to the processing of personal data may be withdrawn at any time. The withdrawal of consent to the processing of data shall be made by contacting the Company as indicated in Section II, point 2 above. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.
- If the processing of the data is necessary for the performance of a contract or to take action at the request of the data subject prior to entering into a contract, the personal data will be processed for the duration of the contract and, thereafter, for the period of limitation of possible claims under generally applicable law.
- If the processing is necessary for the fulfilment of a legal obligation incumbent on the Company, the personal data will be processed for a period of time resulting from generally applicable legislation.
- If the processing is necessary for purposes deriving from legitimate interests pursued by the Company or by a third party, the personal data will be processed for no longer than is necessary for the purposes for which the data are processed or until an objection is raised to the processing of the personal data for such purposes, on grounds related to the particular situation of the data subject, unless the Company demonstrates the existence of compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject or grounds for the establishment, assertion or defence of claims.
Is it compulsory to provide personal data?
- Where personal data is processed on the basis of the data subject's consent, the provision of personal data is voluntary. Failure to provide data will result in the impossibility of fulfilling the purpose in question, if consent is a condition for fulfilling that purpose.
- If the personal data are processed for purposes necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract, the provision of personal data is voluntary, but necessary to enter into a contract with the Company.
- If the processing of personal data is necessary for the fulfilment of a legal obligation incumbent on the Company, the provision of personal data is a statutory requirement.
- If the personal data are processed for purposes arising from legitimate interests pursued by the Company or by a third party, the provision of personal data is voluntary, but necessary for these purposes.
What rights do you have in relation to the processing of your personal data?
- The data subject has the right to:
- Access to his/her personal data, including the right to obtain confirmation as to whether or not his/her personal data are being processed and, if so, the right to obtain access to them, the information indicated in Chapter III, point 8 of the Policy and to obtain a copy of the personal data being processed;
- Rectification of personal data, which includes the right to request the Company to immediately rectify personal data concerning him/her that is inaccurate;
- Deletion of personal data;
- Restrictions on the processing of personal data;
- Data portability, which includes the right to receive the data and send it to another controller or to request, where technically possible, that the data be sent directly to another controller - insofar as the data is processed on the basis of consent and for the purposes necessary for the performance of the contract and the processing of data by automated means;
- Object to the processing of personal data to the extent of processing for purposes arising from the legitimate interests pursued by the Company on the basis of Article 6(1)(f) GDPR, unless the Company demonstrates the existence of valid legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for the establishment, assertion or defence of claims;
- Lodge a complaint with the supervisory authority for the protection of personal data - the President of the Office for the Protection of Personal Data - if it considers that the processing of data is not in compliance with the law.
How do we secure the personal data we process?
- In order to prevent unauthorised or unlawful access, accidental loss, damage or destruction of personal data, the Company uses appropriate technological solutions and security measures in compliance with the requirements established by the GDPR and other generally applicable legislation.
- Access to personal data is granted to the Company and to persons authorised by the Company who have undertaken to maintain the confidentiality of such personal data.
- The Company keeps a register of persons authorised to process personal data.
What do we do in the event of a breach?
- In the event of a personal data protection breach that may cause a risk of infringement of the rights and freedoms of an individual, the Company shall, without undue delay, and if possible no later than 72 hours after the discovery of the breach, notify the breach to the competent supervisory authority (President of the Office for Personal Data Protection). Where a personal data breach is likely to result in a high risk of infringement of the rights and freedoms of an individual, the Company shall, without undue delay, also notify the individual of such breach, as required under the GDPR.
- The Company shall document all data protection breaches, including the circumstances of the breach, its consequences and the remedial action taken.