PRIVACY POLICY

1. This Privacy Policy defines the rules for the processing of personal data obtained through the www.descra.com website (hereinafter referred to as “Website”).

2. The owner of the Website and the administrator of data is DATAFIC sp. z o.o. with headquarters in Poznań, at Naramowicka 47/109, 61-622 Poznań, Poland, VAT PL9721257308, entered under number 0000574445 in the register of entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register, Share capital: 5000 PLN, hereinafter referred to as DATAFIC.

3. Personal data obtained by DATAFIC via the Website are processed in accordance with the Regulation of the European Parliament and the Council 2016/679 of April 27th, 2016 on the protection of citizens with regard to the processing of personal data, on the free flow of personal data and on the repeal of the Directive 95/46/EC, also referred to as GDPR.

4. DATAFIC respects the privacy of Users visiting the Website.

§ 2 Type of processed data, the objectives, and the legal basis

1. DATAFIC collects information on natural persons who perform a legal action not directly related to their business activity, on natural persons who conduct business activities or professional activities on their own behalf, on natural persons who represent legal persons or business units that are not legal persons but are granted legal capacity by the law and conduct business activities or professional activities on their own behalf. They are hereinafter referred to as Users.

2. Personal data of Users is collected in the event of:

• a) the registration process with the aim to create an individual account on the Website and to manage this account. Legal basis: the indispensability to implement the contract of service - Account (Article 6 (1) (b) of the GDPR);
• b) order placement on the Website with the aim to perform the contract. Legal basis: the indispensability to implement the contract of paid service - Account (Article 6 (1) (b) of the GDPR);

3. Upon registration on the Website, the User provides:

• a) an email address;
• b) a website address.

4. Upon registration on the Website, the User sets an individual password that will allow access to the account. The User can change the password at a later time on terms specified in §6.

5. When placing an order on the Website, the User provides the following data:

• a) e-mail

7. When using the Website, additional information may be obtained, in particular: the User’s IP, the Internet provider’s IP, domain name, browser type, time of access, type of the operating system.

8. Navigation data, including information about the links the Users clicked on or other actions conducted on the Website, may also be obtained. Legal basis: legitimate interest (Article 6 (1) (f) of the GDPR) aiming at facilitating the use of electronically provided services and improved functionality of the services.

9. Some of the personal data provided by the User may be processed in the process of determining, investigating and enforcing claims. Such data might be: name, last name, information on the use of services and in the case of claims resulting from the manner in which the User uses the services, any other data necessary to prove the existence of the claim, including the extent of the suffered damage. Legal basis: legitimate interest (Article 6 (1) (f) of the GDPR) aiming at determining, investigating and enforcing claims and the defense against claims during legal proceedings.

10. Providing personal data to DATAFIC is voluntary on the basis of the concluded contract of service. However, failing to provide specific data in the data form when placing orders and using free services, will make it impossible for the User to place and proceed with the order and service provision to the User will cease.

§ 3 Data sharing and data storage

1. Personal data of the User are provided to service providers, whose services are used by DATAFIC. Depending on contractual agreements, service providers to whom personal data are transferred are either subject to DATAFIC’s orders regarding the purposes and methods of processing data (processors) or independently define the purposes and methods of processing data (administrators).

• a) Processors. DATAFIC uses the services of suppliers who process data only per DATAFIC’s request. Some of these suppliers are hosting suppliers, accounting services, marketing systems suppliers, website traffic analysis system suppliers, the effectiveness of marketing campaigns analysis system suppliers.
• b) Administrators. DATAFIC uses the services of suppliers who independently set the purposes and methods of processing data. They provide electronic payment and banking services.

2. Location. Service providers are based mainly in Poland and other countries of the European Economic Area (EEA).

3. Personal data of Users are stored:

• a) If the basis for the processing of personal data is consent then personal data of the User are processed by DATAFIC until the consent is revoked and once the consent is revoked for a period of time corresponding to the limitation of claims. If there is no provision that stipulates otherwise then the limitation period is six years and in the case of periodic benefits claims and claims related to business activities - three years.
• b) If the basis for the processing of personal data is the contract implementation then personal data of the User are processed by DATAFIC as long as it is necessary to implement the contract and once the contract is implemented for a period of time corresponding to the limitation of claims. If there is no provision that stipulates otherwise then the limitation period is six years and in the case of periodic benefits claims and claims related to business activities - three years.

4. Navigation data may be used in order to provide the User with better service, to analyze statistical data, to adapt the Website to the preferences of Users and to administer the Website.

5. Per request, DATAFIC provides personal data to state authorities, particularly to the District Attorney’s office, the Police, the Inspector General for the Protection of Personal Data or the President of the Office of Electronic Communication.

§ 4 The cookies mechanism and IP addresses

1. The Website uses small files referred to as cookies. These files are saved by DATAFIC on the end device of the person using the Website. A cookie file usually contains the name of the domain from which it comes, its expiration time and an individual, randomly selected identification number. Information collected through the use of cookies facilitates the customization of the products offered by DATAFIC to the individual preferences of Users visiting the Website. It also allows for the production of general statistics for products presented on the Website.

2. DATAFIC uses two types of cookies:

• a) Session cookies: at the end of each browser session or when the computer is turned off, the stored information is deleted from the memory of the device. Session cookies do not allow to download any personal data or any confidential information from the computer of the User.
• b) Persistent cookies: are stored in the end device of the User until they expire or are deleted. Persistent cookies do not allow to download any personal data or any confidential information from the computer of the User.

3. DATAFIC uses its own cookies for:

• a) User authentication and to ensure that once logged-in on the Website, the User does not have to reenter his login and password on every page of the Website;
• b) analyses and research, in particular, to produce statistics which help understand how Users use the Website, which allows for improvement of the structure and the content of the Website.

4. The cookies mechanism is safe for the computers of the Users of the Website. It is impossible for viruses or other unwanted malicious software to be transferred to Users’ computers. Nevertheless, Users can limit or disable cookies in their browsers. In such a case, the Website can be used, with the exception of functions that require cookies.

5. Below we present how to change the use of cookies settings in the most popular browsers:

• a) Internet Explorer browser;
• b) Microsoft EDGE browser;
• c) Mozilla Firefox browser;
• d) Chrome browser;
• e) Safari browser;
• f) Opera browser.

6. DATAFIC may collect the IP addresses of Users. An IP address is a unique number assigned by an Internet service provider to the device of a person visiting the Website. The IP address enables access to the Internet. In most cases, it is dynamic meaning that it changes every time you connect to the Internet. The IP address is used by DATAFIC when investigating technical problems with the server, creating statistical analyses (i.e. determining the locations which generate the most traffic). It is also useful for administering and improving the Website as well as for security reasons.

7. The Website contains links to other websites. DATAFIC is not liable for the privacy protection rules of those websites.

§ 5 Right of data subjects

1. The right to consent withdrawal - legal basis: art. 7 par. 3 GDPR

• a) The User has the right to withdraw any consent he has given to DATAFIC.
• b) Consent withdrawal enters into force from the withdrawal of consent.
• c) Consent withdrawal does not affect the processing of data carried out by DATAFIC in accordance with the law prior to the withdrawal.
• d) Consent withdrawal does not have negative consequences for the User. It may, however, prevent further use of services, which, in accordance with the law DATAFIC cannot provide without consent.

2. The right to data processing objection - legal basis: art. 21 GDPR.

• a) The User has the right to object to the processing of his personal data, including profiling, at any time if DATAFIC processes his data on the basis of a legitimate interest, i.e. marketing of products and services of DATAFIC, running the statistics of functionality use, facilitating the use of the Website and conducting satisfaction surveys.
• b) Resignation from receiving marketing messages related to products and services in an email form will be equivalent to the User’s objection to the processing of his personal data, including profiling.
• c) If the User’s objection proves to be reasonable and DATAFIC will not have any other legal basis for the processing of data, the personal data for which processing the User objected to will be deleted.

3. The right to delete data - legal basis: art. 17 GDPR.

• a) The User has the right to request that all or some of his personal data be deleted.
• b) The User has the right to request that his personal data be deleted if:
• • a. personal data are no longer necessary for the purposes for which they have been collected or processed;
  • b. he withdrew the consent on the basis of which the data was being processed;
  • c. he objected to the use of his personal data for marketing purposes;
  • d. personal data are being processed unlawfully;
  • e. personal data must be deleted to comply with a legal obligation of the Union law or the law of a Member State to which DATAFIC is subject;
  • f. personal data has been obtained in relation to the offer of the services of the information society.
• c) Despite the request to delete personal data, DATAFIC may keep some personal data in the extent necessary to determine, investigate and enforce claims as well as to comply with the legal obligation which requires data processing under Union law, or the law of the Member State to which DATAFIC is subject. This applies to personal data including: name, last name, and email address which are collected for the purpose of handling complaints and claims regarding the use of DATAFIC’s services or to an additional residence/mailing address, and order number which are collected for the purpose of handling complaints and claims related to concluded contracts of service provision.

4. The right to limit the processing of data - legal basis: art. 18 GDPR.

• a) The User has the right to request the limiting of the processing of his personal data. Submitting such a request prevents the use of some services and functionalities until the request is reviewed. DATAFIC will also cease to send any messages, including marketing messages.
• b) The User has the right to request the limiting of the processing of his personal data in the following cases:
• • a. when he questions the accuracy of his personal data – in such a case DATAFIC limits the processing of data for the time needed to verify its validity, but not longer than for 7 days;
  • b. when the processing of data is unlawful and instead of requesting that data be deleted, the User requests to limit their processing;
  • c. when personal data are no longer necessary for the purposes for which they have been obtained or used but are necessary for the User in the process of determining, investigating and enforcing claims;
  • d. when the User objected to the use of his personal data, the limiting takes place for a period of time necessary to determine whether the protection of the User’s interest, rights and freedoms take precedence over the interests of the Administrator during the processing of data.

5. The right to access data - legal basis: art. 15 GDPR.

• a) the User has the right to receive information from the Administrator on whether his personal data are being processed, and if so, the User has the right:
• • a. to access his personal data;
  • b. to obtain information about the purposes of the data processing, the type of processed data, the recipients of data, the period of data storage, the criteria for determining this period, the rights of Users under GDPR, the source of the data, the automated decision making including profiling and the security which applies in connection with the transfer of the data outside the European Union;.
  • c. to obtain a copy of personal data.

6. The right to rectify data - legal basis: art. 16 GDPR.

• a) The User has the right to make a request to the Administrator to promptly rectify any of his personal data that are incorrect. Considering the aims of data processing, the User has the right to request that any incomplete personal data be supplemented, via sending the request to the email address in accordance with §7 of the Privacy Policy.

7. The right to data transfer - legal basis: art. 20 GDPR.

• a) The User has the right to receive any personal data he provided to the Administrator and then forward it to another administrator of his choice. The User also has the right to request that his personal data be forwarded to such an administrator by the Administrator of the Website, provided it is technically possible. In such a case, the Administrator forwards the personal data of the User in a CSV file, which is a commonly used format that allows for the exchange of personal data between administrators.

8. If the User wishes to execute one of the aforementioned rights, DATAFIC either satisfies the request or refuses to satisfy the request immediately and no later than within a month of receiving the request. If - due to the complex nature of the request or the number of requests - DATAFIC will not be able to proceed with the request within a month, DATAFIC is obliged to proceed with the request within the next two months and to inform the User beforehand about the intended extension of the deadline and the reasons for the extension.

9. The User may submit complaints and other requests regarding the processing of his personal data and the executions of his rights to the Administrator.

10. The User has the right to make a request to DATAFIC and ask for a copy of any standard contractual clauses via directing the request in a manner indicated in §7 of the Privacy Policy.

11. The User has the right to make a complaint to the Inspector General for the Protection of Personal Data regarding the violation of his right to the protection of personal data or other rights granted under GDPR.

§ 6 Managing security - password

1. DATAFIC provides the User with a secure and encrypted connection during the transferring of personal data in the login process on the Website. DATAFIC uses the SSL certificate, granted by one of the world’s leading companies in the field of security and encryption of transmitted data.

2. If a registered User has lost his password and cannot access his account, the Website allows the User to generate a new password. DATAFIC does not send password reminders. Passwords are stored in an encrypted form and cannot be read. In order to generate a new password, the User should click on the “Password reminder” link and then provide his email address in the form that will appear once the link is clicked. To the email address provided upon registration, the User will receive a message with a link to a form on the Website, through which the User will be able to set a new password.

3. DATAFIC does not send any correspondence, including electronic correspondence that would request the User to provide his login details, especially the password to the User’s account.

§ 7 Changes to the Privacy Policy

1. Privacy Policy may be subject to change, of which the Users will be informed 7 days in advance.

2. Any questions related to Privacy Policy should be sent to support@descra.com

3. Last modified: 12/09/2019