PRIVACY POLICY
§1. Personal data controller
1. The personal data controller, as defined in Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), is Seth Software Spółka z ograniczoną odpowiedzialnością based in Głogów Małopolski at ul. Strefowa 1, 36-060 Głogów Małopolski, NIP (Tax ID): 8132709001, REGON (Business ID): 690512599, KRS (National Court Register Number): 0000114098, registration court: District Court in Rzeszów, 12th Commercial Division of the National Court Register, share capital of PLN 50,000.
2. Contact details of the controller: e-mail address info@seth.software.
3. As stipulated in Article 32 (1) of the GDPR, the controller shall respect the principle of personal data protection and shall implement appropriate technical and organisational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to personal data processed in connection with its activities.
4. Providing personal data is voluntary, but necessary for the purpose of starting cooperation and/or entering into a contract with the data controller.
5. The controller shall only process personal data to the extent required for the proper performance of the service to the data subject.
§2. Purpose and basis of personal data processing
The controller shall process personal data for the following purposes:
a) preparing a commercial offer in response to a customer’s interest, which is the controller’s legitimate interest (Article 6(1)(f) of the GDPR);
b) providing services via the Website and fulfilling contractual obligations under the contract concluded (Article 6(1)(b) of the GDPR);
c) handling the complaint process, based on a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR);
d) accounting related to the issuing and receipt of billing documents, in accordance with tax law (Article 6(1)(c) of the GDPR);
e) archiving of data for the establishment, exercise or defence of claims, if any, or the need to prove facts, which is the controller’s legitimate interest (Article 6(1)(f) of the GDPR);
f) contact by telephone or email, in particular in response to enquiries made to the controller, which is the controller’s legitimate interest (Article 6(1)(f) of the GDPR);
g) sending technical information regarding the functioning of the Website and the services used by a customer, which is the controller’s legitimate interest (Article 6(1)(f) of the GDPR);
h) marketing, which is the controller’s legitimate interest (Article 6(1)(f) of the GDPR) or is based on previously granted consent (Article 6(1)(a) of the GDPR).
§3. Data recipients Transfer of personal data to third countries
1. The recipients of the personal data processed by the controller may be entities that cooperate with the controller where this is necessary for the performance of the contract concluded with the data subject.
2. The recipients of the personal data processed by the controller may also be subcontractors, i.e. entities whose services are used by the controller for data processing, such as accounting offices, law firms, IT service providers (including hosting service providers).
3. The controller may be required to make personal data available under applicable legislation, in particular to make personal data available to authorised state bodies or institutions.
4. In connection with the controller’s use of website analysis and tracking tools, personal data may be transferred to an entity based outside the European Economic Area, e.g. Google LLC, Hotjar Ltd. or Inspectlet Inc. based in the USA. The controller has agreed to standard contractual clauses in accordance with Article 46 of the GDPR with the providers of these services as an appropriate safeguard. For more details, go to https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.
§4. Personal data retention period
1. The controller shall keep the personal data for the duration of the contract concluded with the data subject and after its termination for the purposes of asserting claims related to the contract, performing the obligations arising from the applicable legislation, but for a period not longer than the limitation period in accordance with the Polish Civil Code.
2. The data controller shall keep the personal data contained in billing documents (e.g. invoices) for the period of time prescribed by the Value Added Tax Act and the Accounting Act.
3. The data controller shall retain personal data processed for marketing purposes for a period of 10 years, but no longer than until you withdraw your consent to the processing or object to the processing.
4. The controller shall keep personal data for purposes other than those specified in sections 1-3 for a period of 3 years, unless the consent to data processing has been previously withdrawn, and the processing cannot be continued on any other basis than the data subject’s consent.
§5. Rights of the data subject
1. Every data subject shall have the following rights:
a) the right of access – the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Where data concerned the data subject are processed, he or she is entitled to access the data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed,the envisaged period for which the personal data will be stored or the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing (Article 15 of the GDPR);
b) the right to receive a copy of the personal data – the right to obtain a copy of the data undergoing processing, where the first copy is free of charge, and the controller may charge a reasonable fee based on administrative cost for any further copies requested by the data subject (Article 15(3) of the GDPR);
c) the right to rectification – the right to request the rectification of inaccurate personal data concerning him or her or to have incomplete personal data completed (Article 16 of the GDPR);
d) the right to erasure – the right to request the erasure of his or her personal data where the controller no longer has a legal basis for the processing or the data are no longer necessary in relation to the purposes for which they were processed (Article 17 of the GDPR);
e) the right to restriction of processing – the right to request the restriction of the processing of personal data (Article 18 of the GDPR) where one of the following applies:
– the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
– the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject;
f) the right to data portability – the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to demand that those data be transmitted to another controller where the processing of the data is based on the data subject’s consent or a contract with him or her and where the data are processed by automated means (Article 20 of the GDPR);
g) the right to object – the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her for the controller’s legitimate purposes, including profiling. The controller shall then assess the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where the interests of the data subject are assessed to override the interests of the Controller, the controller shall no longer process the personal data for these purposes (Article 21 of the GDPR).
2. In order to exercise the aforementioned rights, the data subject should use the contact details provided to contact the controller and let the controller know which right and to what extent he or she wishes to exercise.
3. The data subject shall have the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection in Warsaw.
§6. Automated decision-making. Profiling
Your personal data will not be processed by automated means, including profiling.
§7. Google Analytics
1. The controller uses Google Analytics, a web analytics service provided by Google Inc. based in the USA.
2. Google Analytics uses cookies to analyse your use of the website. The information generated by a cookie about your use of the website is transmitted to and stored on a Google server. Upon request by the Controller, Google will use this information to analyse the use of the website by users for the purpose of preparing reports on website activity and providing other services related to the use of the website and the Internet to the contracting party.
3. The data shall not be used to identify any individual.
4. You may disable the storage of cookies by adjusting your browser settings accordingly; however, in this case, you will not be able to use the full functionality of the website. Furthermore, you can prevent Google from collecting data generated by cookies and relating to your use of the website (including your IP address) as well as from processing such data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=pl.
5. You may object at any time to the collection and processing of data relating to your use of Google by downloading and installing a plug-in in your browser, available at https://tools.google.com/dlpage/gaoptout?hl=en.
§8. HotJar
1. The controller uses HotJar, an analytical tool that tracks user behaviour within the Controller’s websites.
2. HotJar collects non-personal data, including standard internet protocol data and behaviour patterns when you visit the website. The goal is to improve user convenience, identify user preferences, diagnose technical problems, analyse events and improve the website. The following information is collected about your device and browser: your device’s IP address (this information is collected and stored anonymously), screen resolution, device type (device identification elements), operating system and browser type, geographical location (country only), preferred language when viewing the website. The following information is collected with regard to user interaction: mouse handling (movements, position and clicks) and keyboard typing.
3. HotJar also collects login data collected by the website at random, indicating the domain, pages visited, geographical location (country only), preferred language, and viewing dates and times.
4. By visiting https://www.hotjar.com/opt-out and clicking on
”Disable HotJar”, you can refuse to have your data collected via HotJar at any time while visiting the website.
§9. Inspectlet
1. On its websites, the Controller uses web analytics tools provided by Inspectlet Inc.
2. inspectlet.com cookies are used to determine how users use the website; for more details on how cookies work and the privacy policy, go to https://www.inspectlet.com/legal.