Privacy policy

  1. Definitions

Administrator – IBCS Poland Sp. z o. o. with its registered office at Al. J. Piłsudskiego 46 33-300 in Nowy Sącz, registered at the District Court for Kraków Śródmieście, 12th Commercial Division. under KRS number: 0000030677, email rodo@ibcs.pl

RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website – websites run by the Administrator at the following addresses:

User – any person visiting the Website or using one or more services or functionalities described in the Policy.

  1. Data processing

In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide individual services. The detailed rules and purposes of processing personal data collected when using the Website by the User are described below.

  1. Purposes and legal grounds for data processing

Personal data of all Users using the Website (including IP address or other identifiers and information collected via cookies) are processed by the Administrator:

  1. in order to provide electronic services in the scope of making content collected on the Website available to Users, – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
  2. for analytical and statistical purposes – then the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in conducting analyses of Users’ activity,
  3. as well as their preferences in order to improve the functionalities used and the services provided.
  4. in order to possibly establish and pursue claims or defend against them – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in the protection of his rights;

User’s activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR). GDPR).

  1. Contact form

As part of the Website, the Administrator enables contact with him using electronic contact forms. Using the form requires providing personal data necessary to contact the User. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to provide them results in the inability to service.

Personal data is processed:

  1. in order to identify the sender, handle his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6(1)(b) of the GDPR);
  2. for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in keeping statistics of inquiries submitted by Users via the Website in order to improve its functionality.
  1. Marketing

Administrator processes Users’ personal data in order to carry out marketing activities, which may consist of:

  1. displaying marketing content to the User that corresponds to his interests (behavioural advertising);
  2. displaying marketing content to the User that is not adapted to his preferences (contextual advertising);

In order to carry out marketing activities, the Administrator uses profiling in some cases. This means that thanks to automatic data processing, the Administrator assesses selected factors concerning natural persons in order to analyse their behaviour or create a forecast for the future.

The Administrator processes Users’ personal data for marketing purposes in connection with targeting Users with contextual advertising (i.e. advertising that does not match the User’s preferences). The processing of personal data then takes place in connection with the implementation of the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR).

The Administrator and its partners process Users’ personal data, including personal data collected via cookies (described below), for marketing purposes in connection with targeting Users with behavioural advertising (i.e. advertising that is tailored to the User’s preferences). The processing of personal data then also includes the profiling of Users. The use of personal data collected through this technology for marketing purposes, in particular in the field of promoting services and goods of third parties, requires the consent of the User. This consent may be withdrawn at any time.

  1. Cookies

The Administrator’s website uses “cookies”. Not changing the browser settings on the User’s side is tantamount to consenting to their use. “Cookies” are short text information saved on a computer, telephone, tablet or other user’s device. They can be read by the Administrator, as well as by systems belonging to other entities whose services it uses (such as Google). Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number. More information about cookies can be found on the website www.allaboutcookies.org

Cookies used on the website do not store personal data or other information collected from the User. The website uses cookies to identify the browser session, which enables the use of the website’s functions. The use of “cookies” techniques does not allow downloading any personal and address data of the User or any confidential information from his computer.

Cookies are used for the following purposes: maintaining the security of services and preventing fraud, facilitating website performance, registering visits for marketing and statistical purposes, using social functions, supporting website personalization (e.g. saving language settings). Cookie files may also be used and posted by partners cooperating with the Administrator – then they are subject to cookie policies or privacy policies of the entities posting them.

The administrator reserves the right to use the Google Tag Manager tool for marketing purposes. This involves the use of Google cookies, e.g. Google Analytics codes.

The scope and purpose of data collection, as well as the way of contact and exercise of rights or making settings that ensure privacy protection are described in the privacy policies of individual service providers.

Usually, the web browser by default allows the use of cookies on the device. The administrator informs that you can change the settings in the web browser – completely block the automatic handling of cookies or request notification each time cookies are placed on the device.

If you are using Google Chrome, the instructions are here https://support.google.com/chrome/answer/95647?hl=en

If you are using Mozilla Firefox, the instructions are here – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

If you are using Safari, the instructions are here –– https://support.apple.com/pl-pl/guide/safari/sfri11471/mac

If you are using Microsoft Edge, the instructions are here – https://docs.microsoft.com/en-us/microsoft-edge/devtools-guide/debugger/cookies

In the case of using Internet Explorer, the Administrator suggests changing the tool to one of the above, and moreover, the instructions can be found here https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

= The administrator feels obliged to warn that disabling or limiting the use of cookies may cause difficulties in using the website and limit its functionality.

  1. User data processing

Within the European Economic Area (EEA):

As part of the Website, the User’s data is processed by entities cooperating with the Administrator, which, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC are obliged to comply with high privacy standards similar to those contained in the Policy.

In the case of the HotJar tool (head office address: Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) – The collected data, as a rule, prevent the identification of a specific person, and more information about the tool’s privacy standards is available under the link GDPR Commitment and Do Not Track

In the case of Youlead sp. z o.o. (address: ul. Wrzesińska 12 / 39; 03-713 Warsaw) – The tool is used to automate sales processes, and more information about the tool’s privacy standards is available at the link.

https://www.youlead.pl/pl/twoje-dane-1/

Outside the European Economic Area (EEA):

Due to the fact that some entities cooperating with the Administrator are based outside the European Union, and therefore in the light of the provisions of the GDPR, they are treated as so-called third countries. The administrator ensures that in accordance with the implementing decision of the European Commission of July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl) in such cases, the data is transferred to entities from the United States that have joined the Privacy Shield program (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

For Google Inc. (head office address: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) – The collected data makes it impossible to identify a specific person, and more information about the tool’s privacy standards is available at the link https://policies.google.com/technologies/partner-sites?hl=pl Also, using the link below: https://tools.google.com/dlpage/gaoptout it is possible to disable the activity measured by Google Analytics.

For Facebook Inc. (head office address: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) –https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. The collected data, as a rule, prevent the identification of a specific person, and more information about the privacy standards of the tool is available at the link https://www.facebook.com/about/privacyshield.

The data may be made available to business partners http://tmp.ibcs.pl/poznaj-nas/partnerzy-biznesowi/ for a special offer.

Thus, the above companies guarantee compliance with standards analogous to the Regulation in the field of personal data protection, and the use of their technology by the Administrator in the processing of personal data is lawful.

  1. Period of personal data processing

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service or order execution, until the consent is withdrawn or an effective objection to data processing is made in cases where the legal basis for data processing is the Administrator’s legitimate interest.

The period of data processing may be extended if the processing is necessary to establish and pursue any claims or defend against them, and after that time only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.

  1. User’s rights

The User has the right to:

  1. access to the content of the data and request their rectification,
  2. deletion of data,
  3. processing restrictions,
  4. the right to transfer data,
  5. the right to object to data processing,
  6. the right to lodge a complaint to the supervisory body – the President of the Office for Personal Data Protection ul. Stawki 2, 00-193 Warsaw.

To the extent that the User’s data is processed on the basis of consent, it can be withdrawn at any time by contacting the Administrator.

The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the Administrator’s legitimate interest, and – for reasons related to the User’s particular situation – in other cases where the legal basis for data processing is the Administrator’s legitimate interest (e.g. in connection with the implementation of analytical and statistical purposes).

  1. Data recipients

In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, marketing agencies (in the field of marketing services) and entities related to the Administrator.

If the User’s consent is obtained, his data may also be made available to other entities for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information, based on the appropriate legal basis and in accordance with the provisions of applicable law.

  1. Contact

Contact with the Administrator is possible at the e-mail address rodo@ibcs.pl or in writing to the address of the Administrator’s registered office.

  1. Changes to the Privacy Policy

The policy is reviewed on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and is effective from July 1, 2020.