PERSONAL DATA PROCESSING POLICY
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, hereinafter referred to as the “Regulation”, we inform you that:
1. Personal data administrator
The administrator of your personal data is Kancelaria Prawna RPMS Staniszewski & Wspólnicy sp.k., KRS 0000751085, NIP 7811981461, REGON 38142815100000, z siedzibą: ul. Mickiewicza 22/8, 60-386 Poznań, hereinafter referred to as the “Company”.
2. Contact
In case you would like to contact the us regarding your personal data and how we process it, please send an e-mail to kancelaria@rpmspl
3. Categories of personal data
We process the following categories of your personal data: identification data, address data, and contact data, including payment card and cryptocurrency wallet numbers used to carry out the process related to operations conducted through the Platform located at www.rpms.pl hereinafter referred to as the “Platform”.
In terms of social media communication, we process data provided by the User within the portal.
The Company processes both personal data and certain types of information that cannot be clearly classified as personal data, as they do not allow for clear identification of the User. This kind of information allows us to keep statistics and adapt the Platform to the User’s preferences. We analyze the User’s activities on the Platform, e.g. the order in which the page is viewed, the device from which the User logs in.
When using the Platform, the User leaves his/her IP address on the server. It is not possible for the owner of the Platform to identify a specific person on the basis of knowing only the IP address, and the Company does not take such actions.
When it is necessary to provide the Platform to Users, or it is a legitimate interest of the Company or third parties (which is, for example, to ensure the security of IT resources or the safety of other Users), the Company is authorized to obtain and record data transmitted to the server by Web browsers or Users’ devices. Such data include: IP address, parameters of software
and hardware used by the User, pages viewed, mobile device identification number, and other data on devices and use of systems. However, the collection of the above information usually does not identify the User.
4. Purpose of data processing and legal basis
Personal data may be processed by the Company for the following purposes:
a) to conclude a contract on the basis of Article 6(1)(b) (GDPR),
b) execution of the concluded contract, or for the purpose of providing services by the Company, on the basis of Article 6(1)(b-c) (GDPR),
c) processing of complaints, requests and claims, based on Article 6(1)(b-c) and (f) (GDPR),
d) implementation by the Company of activities arising from generally applicable laws, on the basis of Article 6(1)(c) (GDPR),
e) marketing, including promotion of products or Platforms offered by the Company, communication with the Customer, based on Article 6(1)(f) (GDPR),
f) establishment and investigation of claims by the Company in connection with its operations, based on Article 6(1)(f) (GDPR),
g) to detect and limit fraud related to the Company’s operations and for the purpose of investigations, pursuant to Article 6(1)(f) (GDPR),
h) for statistical purposes and to improve the operation of the Platform, based on Article 6(1)(f) (GDPR).
5. Sharing of personal data
Your data may be shared by the Company with:
(a) entities and bodies to which the Company is obliged or authorized to make personal data available on the basis of generally applicable laws, including entities and bodies authorized to receive personal data from the Company or authorized to request access to personal data on the basis of generally applicable laws,
b) entities to which the Company has entrusted the performance of agency activities on behalf of the Company,
c) entities with which an entrustment agreement has been concluded or which have been authorized to process personal data within the internal structure of the Company
6. Transfer of personal data to a third country
Your data may be to countries outside the European Economic Area and the United Kingdom in connection with communications with cryptocurrency exchanges or entities – custodians of virtual currencies, which may be based outside the EEA.
The Company uses the Platforms of third parties whose servers are located in the United States: Google Analytics (keeping statistics). The operation of Google Analytics can be disabled in the settings of your browser or by blocking it by selecting the appropriate answer when entering the Platform. On the site there is a link to the Google Maps Platform – depending on the settings of your device, the Platform may read your location data. All the above-mentioned entities are certified and provide the highest level of data protection.
In order to maintain the security of transactions conducted through the Platform, the data processed for this purpose is also transferred to:
a) Straal Ltd. (company number: 11185551),
b) Sum and Substance Ltd (company number: 09688671),
c) Elliptic Enterprises Limited (company number: 08458210).
The transfer of data and information is carried out with an appropriate degree of protection, such as:
a) cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued;
b) applying standard contractual clauses issued by the European Commission,
c) application of binding corporate rules approved by the relevant supervisory authority.
7. Period of storage of personal data
Your personal data will be stored for the period:
(a) of the contract concluded with the Company, and after its termination: in connection with the Company’s legal obligation under generally applicable laws,
b) necessary for the Company to assert claims in connection with its operations or defend itself against claims directed against the Company, based on generally applicable laws, taking into account the periods of limitation of claims specified in generally applicable laws,
(c) if you object to the processing of your data for statistical and marketing purposes
and marketing purposes, they will be deleted immediately,
d) in the case of processing of data on the basis of the consent granted, the data will be processed until the consent is withdrawn.
8. Your rights
In connection with the Company’s processing of your personal data, you have:
(a) the right to access your personal data,
(b) the right to rectify your personal data,
(c) the right to erasure of personal data (right to be forgotten),
(d) the right to restrict the processing of personal data,
e) the right to data portability to another controller,
f) the right to object to the processing of data, including profiling, and for the purposes of direct marketing, including profiling,
g) the right to withdraw consent where the Company will process your personal data based on consent, at any time and in any manner, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal,
h) the right to lodge a complaint with the authority responsible for supervising the protection of personal data in the country where the transaction is carried out, if you consider that the processing of personal data violates the provisions of the Regulation.
9. Source of data – the information applies to personal data obtained by means other than from the data subject.
Your personal data may originate from your legal representative, principal in the case of a power of attorney granted, entrepreneur in relation to whom you remain a beneficial owner, employer, party to a contract concluded with the Company, and from publicly available sources, in particular, from databases and registers.
10. Requirement to provide data
Provision of your personal data is necessary for the purpose specified in point 4 above, for:
a) the conclusion and performance of the agreement concluded with the Company, and the consequence of not providing your personal data will be the inability to conclude and perform the agreement concluded with the Company,
b) provision of Platforms by the Company, and the consequence of not providing your personal data will be the lack of provision of Services,
c) processing of complaints, requests or appeals and the consequence of your failure to provide your personal data will be the inability to process the complaint, request or appeal,
d) to receive offers or marketing of products offered or Services provided by the Company, and the consequence of your failure to provide your personal data will be the inability to receive such offers or marketing of products or Services.
11. Automated decision-making, including profiling
The Company will not make automated decisions based on your personal data, including decisions resulting from profiling. Profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyze or forecast aspects of that individual’s work, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.
12. Additional information
We reserve the right to make changes to the Platform’s privacy policy, which may be affected by developments in Internet technology, possible changes in data protection laws and the development of our Platform. We will inform you of any changes in a visible and understandable manner.
Links to other websites may appear on the Platform. Such websites operate independently of the Platform and are not supervised by the Company in any way. These websites may have their own privacy policies and regulations, with which we recommend that you familiarize yourself.
13. Cookies Policy
§1 [GENERAL PROVISIONS]
(1) The Cookies Policy governs the use of cookies, and moreover how information about the User is processed through them.
(2) The Site performs functions of obtaining information about the User and his behaviour.
(3) Acquisition of information about the User takes place in particular through:
a. saving cookies on the User’s terminal equipment;
b. collecting web server logs on the server managed by the Company.
(4) Personal data collected using cookies may be processed only for the purpose of performing certain functions for the User, as described below. Such data shall be encrypted in a manner that prevents access by unauthorized persons.
(5) The entity placing cookies on the Platform User’s terminal equipment and accessing them is the Company.
(6) Cookies allow, in particular, to recognize the User’s device and appropriately display the Platform adapted to his individual preferences, allow the Platform to be displayed in the User’s language ‘remembered’ by these files, as well as to use other settings of the Platform selected by the User.
(7) Cookies usually contain the name of the Platform from which they originate, the time they are stored on the end device and a unique number.
§2 [PURPOSES OF THE COOKIE POLICY]
(1) The purpose of the Cookies Policy is:
a. making the User aware of the extent to which information about him or her is processed through cookies, including his or her personal data, so that the User can make his or her own, free and informed decision on whether to use the Platform;
b. generally specifying how and for what purpose the Company collects information about the User and for what purposes it uses this information;
c. informing the User to whom and where the Company sends their data.
(2) With a view to the Users’ trust in the Platform, the Company shall exercise due diligence to ensure that the data is processed in a safe, reliable, lawful and transparent manner for the User.
§3 [PURPOSE OF USING COOKIES]
Cookies are used in particular to:
(1) adapt the content of the Platform to the User’s preferences and end device and optimizing the use of the Platform. These files allow recording the User’s choices as to language, browser, settings of selected elements of the Platform, as well as recording information about the User’s location;
(2) create anonymous, aggregated statistics that help to understand how the User uses the Platform, which allows to improve their structure and content, excluding personal identification of the User. Cookies also help to ensure the refinement and smooth operation of the Platform, including testing its performance;
(3) maintain the session of the User of the Platform.
§4 [TYPES OF COOKIES]
(1) The Company uses, as a rule, two types of cookies – ‘session’ and ‘permanent’. The former are temporary files that remain on the User’s device until the User logs out of the Platform or shuts down the software (web browser). ‘Permanent’ files remain on the User’s device for the time specified in the parameters of the cookies or until they are manually deleted by the User.
(2) The Company uses the following types of cookies:
a. in order to provide services through the Platform:
i. indispensable – which are absolutely necessary for the proper functioning of the Platform or the functionality that the User wants to use;
ii. functional – which are important for the operation of the Platform, as they:
1. serve to enrich the functionality of the Platform; without them, the Platform will work properly, but it will not be tailored to the User’s preferences;
2. serve to ensure a high level of functionality of the Platform; without them, the level of functionality of the Platform may decrease, but their absence should not prevent the complete use of the Platform;
3. serve the majority of the functionality of the Site; their blocking will result in selected functions not working properly.
b. With regard to the length of time for which cookies will be placed on the User’s end device, the Company uses the following types of cookies:
i. session cookies – which are placed for the duration of the use of the browser (session) and are deleted after closing the browser or logging out of the Platform;
ii. persistent cookies – which are not deleted when the browser is closed and remain on the User’s device for a specified period of time or without expiration, depending on the Platform owner’s settings.
c. Due to the origin of the web site administrator who manages cookies, the Company uses the following types of cookies:
i. own cookies (first-party cookies) – which are placed on Platforms directly by the Company;
ii. external cookies (third-party cookies) – which are placed on Platforms by entities other than the Company.
d. With regard to the purpose for which cookies serve, the Company uses the following types of cookies:
i. Platform configuration – which enable the setting of features and Platforms on the Platform;
ii. Platform security and reliability – which enable verification of authenticity and optimization of the performance of the Platform,
iii. session status – which allow you to record information about how you use the Platform. These may relate to the most frequently visited Platform or possible error messages. Cookies used to record the so-called “session state” help to improve the Platform and enhance your browsing experience on the Platform;
iv. processes – which enable the smooth operation of the Platform and the functions available on them;
v. location – which make it possible to adjust the information displayed to the location of the Uses.
§5 [COOKIES VS. PERSONAL DATA]
(1) Cookies, as a rule, do not constitute personal data, but certain information stored in such files (e.g. as to preferences), in combination with other information about the User, are treated as personal data.
(2) Personal data collected using cookies may be processed only for the purpose of performing the specified functions described above for the User. Such data shall be encrypted in a manner that prevents access by unauthorized persons.
§6 [DELETION OF COOKIES]
(1) The Company’s authority to store and access cookies is based on the consent given by the User. This consent is given by the User when configuring the Internet browser or the selected Platform or Platform. The User has the option to return to these settings at any time and determine the conditions for storing or accessing this information by the Company.
(2) Web browsing software (i.e. web browsers) by default allows cookies to be placed on the User’s terminal device. These settings can be changed in such a way as to block the automatic handling of cookies in the settings of the web browser or inform about their transmission to the User’s device each time.
(3) In order to exercise the right of objection granted by the RODO Regulation, it is necessary to log out of all devices and delete cookies from them. The update process may take up to 48 hours.
(4) Restricting the use of cookies may affect some of the functionality available through the Platform.
§7 [SYSTEM LOGS]
(1) Information about certain behavior of the User is subject to logging in the server layer. This data is used solely for the purpose of administering the Platform and to ensure the most efficient operation of the hosting Platforms provided to the Company.
(2) Viewed resources are identified by URLs. In addition, the record may be subject to:
a. time of arrival of the request;
b. time of sending the response;
c. the name of the User’s station – identification realized by HTTPS protocol;
d. information about errors that occurred during the execution of the HTTPS transaction;
e. URL of the page previously visited by the User (referer link) – in case the access to the Site was through a link;
f. information about the User’s browser;
g. IP address information;
(3) The above data are not associated with specific persons browsing the Platform, and are used only for server administration purposes.