Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information.
Our Privacy Principles :
Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
- We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
- We will only retain personal information as long as necessary for the fulfillment of those purposes.
- We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
- Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
- We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- We will make readily available to customers information about our policies and practices relating to the management of personal information.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
Responsible Party for Data Processing
The personal data controller (” the Controller”) is the company Concise Software
Sp. z o.o. with its registered office in Rzeszów (35-328), ul. Geodetów 1, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court in Rzeszów, XII Commercial Division of the National Court Register, under KRS number: 0000390423, Tax Identification Number (NIP): 8133659647, share capital of PLN 30,000.00.
Contacting the our Data Protection Officer is possible via email address: firstname.lastname@example.org
The Controller, with due diligence, selects and uses appropriate technical and organizational measures to protect the personal data processed. Full access to the databases is only granted to persons duly authorized by the Controller.
The Controller protects personal data against unauthorized access, as well as against its processing in violation of the applicable laws.
Visitors to Concise Software Sp. z o.o. can browse the concisesoftware.com website without providing personal data.
Legal Basis for Personal Data Processing
Personal data is processed by the Controller in accordance with the law, in particular in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as “GDPR”) in order to:
- answer questions asked in connection with the use of contact forms available at concisesoftware.com by the user, including pop-ups (pursuant to Article 6 Paragraph 1(b) GDPR);
- use the newsletter service, including the provision of business information and information about the events and workshops, on the basis of the granted consent (Article 6 Paragraph 1(a) GDPR);
- conduct and settle the outcome of a recruitment process if the user has applied to take part in the recruitment process, on the basis of a legal obligation of the Controller and consent granted (Article 6 Paragraph 1(a) and 1(c) GDPR);
- pursue or secure claims (pursuant to Article 6 Paragraph 1(f) GDPR).
Providing personal information is voluntary.
The user should not provide the Controller with personal data of third parties. However, when the user provides such data, the user each time declares that he has the consent of the third parties to transfer the data to the Controller.
Personal Data Processing Scope
- The Controller processes the scope of data provided by the user in the content of the issue addressed to the Controller.
- The data provided by users is used only to: provide answers to the questions asked, send the newsletter including business information concerning the Controller and the Controller’s products, services, workshops and events, carry out the recruitment process, as well as for statistical purposes and event organization.
- The Controller uses IP addresses collected during Internet connections for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the connection is made).
Personal Data Processing Control
Due to our use of your personal data, under the GDPR you have the following rights:
- Right of access (Article 15 of the GDPR) – you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data;
- Right to rectification (Article 16 of the GDPR) – you have the right to obtain the rectification of inaccurate personal data concerning you;
- Right to erasure (‘right to be forgotten’, Article 17 of the GDPR) – you have the right to obtain the erasure of personal data concerning you;
- Right to restriction of processing (Article 18 of the GDPR) – you have the right to obtain restriction of processing if one of the cases listed in Art. 18 (1) of the GDPR occur;
- Right to data portability (Article 20 of the GDPR) – you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format as well the right to transmit those data to another controller without hindrance from us;
- Right to object (Article 21 of the GDPR) – you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data;
- Right to withdraw consent – if we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time, but it won’t affect the lawfulness of processing based on consent before its withdrawal;
- Right to lodge a complaint with the data protection authority – you have the right to lodge a complaint with a supervisory authority, if you consider that processing your personal data does not comply to the statutory regulations and provisions of GDPR; the supervisory authority in Poland is President of the Polish Data Protection Authority. The address of the Data Protection Authority is 00-193 Warsaw, ul. Stawki 2.
You can assert the aforementioned rights against us, e.g. via a message to our Data Personal Officer via e-mail address: email@example.com.
Sharing of Personal Data
- Users’ data can be made available to entities authorized to receive the data under applicable law, including the relevant judicial authorities. Personal data may be transferred to entities commissioned to process it, i.e. marketing agencies, partners providing technical services (development and maintenance of IT systems and websites). Your personal data may be transferred to a third party country/international organization.
- Your data may be processed on servers located outside of the country of your residence.
- Your personal data may be transferred outside the European Economic Area to a third party country, i.e. the USA, to subjects fulfilling a required protection level based on the European Commission’s decision from 12 July 2016, the so-called Privacy Shield.
- This means that your data shall be transferred only to subjects that comply with the rules determined by the United States Department of Commerce within the EU-US Privacy Shield Framework programs regulating collecting, using and storing personal data from the Member States of the European Union.
- In an event of sending data from the EU area to other countries, e.g. the United States, data processors comply with the law regulations that ensure an analogical level of security to that of the European Union’s regulations. Here, you can find up-to-date decisions from the European Commision regarding the adequate level of data protection (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidethee)
Data Retention Period and Other Information Concerning Data Processing
- Personal data shall be stored only for the period necessary to achieve a particular purpose for which it was sent, or in order to comply with the law.
- In the case of a recruitment process, personal data shall be processed in the period of twenty-four months after the completion of the recruitment process.
- If the user has consented to the use of personal data in connection with the use of the newsletter, personal data shall be processed until the consent is withdrawn.
- Personal data shall not be processed in an automated way by the Controller.