Current privacy policy and documents
Compliance with data protection laws and the trust of those whose personal data we process are very important to us. We would like to inform you about our policies for collecting, processing, securing, transferring and using personal data, and who you can contact in matters related to personal data protection issues.
In accordance with the requirements of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “Regulation”, we inform you that:
(1) Personal Data Administrator
The Personal Data Administrator, hereinafter referred to as “Administrator”, is:
getsix Polska Sp. z o.o. with its registered office at Ul. Zwycięska 45,
53-033 Wrocław
NIP: 1010003288
KRS: 0000271247
The Administrator is responsible for the use of personal data in a secure manner, consistent with the purposes for which they were collected and in accordance with applicable laws.
(2) Contacting the Administrator:
The Administrator’s contact details:
– phone: +48 71 388 13 00
–
e-mail: gdpr@getsix.pl
–
correspondence address: Zwycięska 45, 53-033 Wrocław
Contact with the Data Protection Officer
– Mr Sebastian
Możejko
– phone: +48 71 388 13 00
– e-mail: gdpr@getsix.pl
–
correspondence address: Zwycięska 45, 53-033 Wrocław
General Provisions
We use the obtained personal data only for specific, legitimate purposes for which they were collected. The scope of personal data, the purpose of their processing, the legal basis for such processing, the period of processing period and the categories of recipients of the data result from the legal requirements incumbent on the Administrator and the nature and scope of activities undertaken by the data subject.
(3) Purpose of data processing by the Administrator, the legal basis for processing, and the period for which personal data will be stored:
(a) Purpose of data processing: Take action at the request of the data subject prior to entering into a contract (e.g. preparation of an offer).
Legal basis for processing: Article 6(1)(b) of the Regulation (“performance of a contract”)
Storage period: Data is stored for the period necessary, for the performance, termination or expiration of the contract and for the period after which any legal claims shall be barred.
(b) Purpose of data processing: To conclude and perform a contract (including ensuring the quality of services)
Legal basis for processing: Article 6(1)(b) of the Regulation (“the
performance of a contract”)
Storage period: Data is stored for the period necessary for the performance, termination or expiration of the contract and any settlements, and for the period after which any legal claims will be barred.
(c) Purpose of data processing: Conducting direct marketing (targeting communications to carefully selected, individual clients, on a one-to-one basis, for a direct response (reply))
Legal basis for processing: Article 6 (1)(f) of the Regulation
(“legitimate interests of the Administrator”)
Storage period:
Data is stored for the period of existence of the legitimate interest pursued by the Administrator and for the period after which any legal claims will be barred. If the data subject successfully objects to the use of his or her personal data, the Administrator will no longer process the data for direct marketing purposes.
(d) Purpose of data processing: To conduct marketing
Legal basis for processing: Article 6 (1)(a) of the Regulation Regulation (“consent of the data subject”)
Storage period: Data is stored until the
data subject withdraws the consent for further processing of their data
for marketing purposes.
(e) Purpose of data processing: To issue, collect and store invoices and to maintain accounting records
Legal basis for processing: Article 6 (1)(c) of the Regulation (“fulfillment of a legal obligation”) in connection with Article 74 (2) of the Accounting Act and Article 86 (1) of the Tax Ordinance Act.
Storage period: Data is stored for the period in which prescribe the storage of accounting books and accounting documents (i.e. for 5 years, counting from the beginning of the year following the fiscal year to which the data pertains) and for the period after which any tax liabilities become statute-barred.
(f) Purpose of data processing: To respond to complaints within the period of time and in the form prescribed by law
Legal basis for processing: Article 6(1)(c) of the Regulation (“fulfillment of a legal obligation”)
Storage period: Data is stored for a period of 1 year after the expiration of the warranty period or settlement of the complaint, and thereafter for the period after which any legal claims become time-barred.
(g) Purpose of data processing: Client’s expression of opinion
Legal basis for processing: Article 6 (1)(a) of the Regulation (“consent of the data subject”)
Storage period: Data is stored until the
data subject withdraws the consent for further processing of their data
for this purpose.
(h) Purpose of data processing: Detection and prevention of abuse
Legal basis for processing: Article 6(1)(c) of the Regulation (“fulfillment of a legal obligation”)
Storage period: Data is stored for the duration of a contract and thereafter for the period after which the claims under the contract become time-barred. If the Administrator asserts claims or notifies competent authorities – for the duration of such proceedings and “for 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings were finally completed, paid off, settled or barred”.
(i) Purpose of data processing: Establishing, defending and asserting claims raised by or against the Administrator (including the sale of claims to another entity)
Legal basis for processing: Article 6 (1)(f) of the Regulation (“legitimate interests of the Administrator”) in conjunction with to Article 74 (2) of the Accounting Act.
Storage period: Data is stored:
- for the period after which the claims under the contract become time-barred,
- if the the Administrator asserts claims in civil proceedings or in criminal or tax proceedings, the accounting proofs (which may contain personal data) must be kept “for 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings were finally completed, paid off, settled or barred”,
- for the period in which the Administrator may incur legal consequences of non-compliance, e.g. be fined with an administrative penalty.
(j) Purpose of data processing: Newsletter dispatch
Legal basis for processing: Article 6(1)(a) of the Regulation ("consent of the data subject")
Storage period: Data is stored until the consent given is withdrawn, an objection is expressed or the newsletter is unsubscribed (whichever comes first).
(k) Purpose of data processing: Handling of any complaints or requests, processing for archival and security purposes
Legal basis for processing: Article 6(1)(f) of the Regulation ("legitimate interests of the Administrator")
Storage period: Data is stored until the legal conclusion of the proceedings and for the period after which any claims become time-barred (in principle 3 years, maximum 6 years calculated from the date of termination of the relationship/contract). In the event that the personal data and the content of the correspondence constitute evidence in proceedings under the law or the Administrator has become aware that they may constitute evidence in the proceedings, the data retention period shall be extended until the legal conclusion of the proceedings.
(l) Purpose of data processing: To conduct recruitment
Legal basis for processing: Article 6(1)(c) of the Regulation ("legal obligation incumbent on the Administrator"), Article 6(1)(a) of the Regulation and Article 9(2)(a) of the Regulation ("consent of the data subject")
Storage period: Data shall be stored for a period of no more than 1 month from the date of completion of the recruitment. If the data subject also consents to the processing of personal data in further recruitment processes, personal data will be processed for this purpose for a period of 9 months, counting from the date of completion of the recruitment.
(m) Purpose of data processing: To maintain employment-related records
Legal basis for processing: Article 6(1)(c) of the Regulation ("legal obligation incumbent on the Administrator")
Storage period: Data shall be stored for a period in accordance with current legislation, i.e. 10 years or 50 years.
(n) Purpose of data processing: To communicate with those who contact us via social networks (responding to comments and messages etc.)
Legal basis for processing: Article 6(1)(f) of the Regulation ("legitimate interests of the Administrator")
Storage period: Data is stored for the period of existence of the legitimate interest pursued by the Administrator and for the period after which any claims will become time-barred (in principle 3 years, maximum 6 years calculated from the date of termination of the relationship/contract).
(o) Purpose of data processing Storage of cookies or use of other similar technologies on the user's end device (PC, laptop, tablet, phone/smartphone, Smart TV).
Legal basis for processing: Article 6(1)(a) of the Regulation ("consent of the data subject")
Storage period: Data is stored until the data subject withdraws, by consenting to further processing of his/her personal data.
(4) Data recipients
In order to perform a contract and to ensure the proper operation of the Administrator’s website, the Administrator uses the services of third parties cooperating with it (for example: postal services, couriers, payment processors). Personal data is transferred to third parties only if and to the extent that is necessary to achieve the purpose of processing. Personal data provided to third parties may be used only for the purpose of carrying out the task ordered by the Administrator.
Personal data may be provided to the following recipients who cooperate with the Administrator:
- Subsidiaries of the getsix® Group – getsix Wrocław Sp. z o.o., getsix Poznań Sp. z o.o., getsix Szczecin Sp. z o.o., getsix Warszawa Sp. z o.o., getsix Katowice Sp. z o.o., getsix Services Sp. z o.o., amavat Sp. z o.o. – to the extent necessary for the purposes arising from the legitimate interests pursued by the Administrator, including internal administrative purposes,
- entities engaged in postal, courier and similar activities (e.g. courier brokers) – to the extent necessary to carry out the delivery and correspondence,
- selected entities acting on behalf of the Administrator in handling accounting, tax, advisory, legal and debt collection matters (including entities acquiring debt) – to the extent necessary to carry out a specific purpose of processing,
- entities providing technical assistance services provided to the Administrator and IT solution providers that enable the Administrator to conduct its business (for example, software, e-mail and hosting providers) – the Administrator provides personal data to the trusted provider acting on its behalf only in the case and to the extent necessary to carry out a specific purpose of processing,
- providers of solutions for expressing/publishing client opinions – to the extent necessary to express such opinions,
- entities through which we send out our Newsletter.
(5) Transfer of data outside the EEA
Personal data is generally not transferred outside the European Economic Area (comprising the European Union, Iceland, Liechtenstein and Norway) nevertheless:
- personal data may be located on a Microsoft server located outside the EEA in connection with the Administrator’s use of Microsoft services.
- personal data (related to web analytics) may be transferred outside the EEA to Google LLC see also section 9 Web analytics.
(6) The rights of the data subject
The processing of personal data does not require any consent if, among other things: the processing is necessary to perform a contract, or to take action prior to entering into a contract, results from a legal obligation of the Administrator or is necessary for the Administrator’s legitimate interest. If the consent is necessary to be able to process personal data for a specific purpose, the Administrator asks for such consent. The consent given can be withdrawn at any time.
If the consent is withdrawn, data will no longer be processed to the extent to which the consent was given, but the withdrawal of the consent will not affect the lawfulness of the processing, which was made on the basis of consent before its withdrawal.
Under the terms of the Regulation, the data subject also has the right: to demand from the Administrator access to, rectification, erasure (“to be forgotten”) or restriction of processing personal data, the right to object to processing, and the right to data portability.
If personal data is processed for direct marketing purposes, one can object at any time to the processing of this data for marketing purposes, including profiling, to the extent to which the processing is related to direct marketing.
In order to perform the above rights, an application must be submitted to the Administrator by e-mail, letter or in person at the Administrator’s office; the Administrator’s contact details can be found in point 2 above. To ensure that the person submitting the application is entitled to do so, the Administrator may ask for additional information confirming the identity of the person submitting.
The provisions of the Regulation indicate to what extent each of these rights can be used. This will depend in particular on the legal basis and purpose of personal data processing by the Administrator. The above rights can be exercised free of charge no more than once every 6 months. In accordance with Article 12 of the Regulation, if the data subject’s demands are manifestly unjustified or excessive, in particular due to their continuing nature, the Administrator may charge a fee.
The data subject has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
(7) Obligation or no obligation to provide personal data
The use of the Administrator’s services and the provision of personal data to the Administrator is voluntary. However, the data subject is obliged to provide such data in connection with:
- entering into a contract with the Administrator – in this case, the provision of personal data is a contractual condition and the data subject is obliged to provide the required data if they want to conclude a contract with the Administrator. Each time, the extent of data required to conclude a contract is communicated to the data subject. Failure to provide this data results in failure to conclude such contract.
- fulfillment of the Administrator’s legal obligations – in this case, providing personal data is a statutory condition resulting from the regulations imposing on the Administrator the obligation to process personal data (e.g. in connection with the obligation to issue, collect and store invoices and accounting documents and keep accounting books). Failure to provide such data will prevent the Administrator to perform the indicated obligations, which will result in failure to conclude a contract.
(8) Use of data for advertising purposes
8.1 Newsletter
Our newsletter is sent only to those who have given consent by providing their e-mail address. At any time, consent to receive the newsletter can be withdrawn by clicking on the “Unsubscribe” link provided in each newsletter or by contacting the Administrator at the above address.
Necessary personal data may be transferred to countries outside the European Economic Area due to the newsletter service provided by the Administrator. The transfer is therefore necessary for the provision of services to the user. In such a case, the transfer of data is based on appropriate safeguards in accordance with personal data protection regulations.
The Administrator currently sends the newsletters using the MailChimp platform, therefore the recipient of your data is The Rocket Science Group LLC with the seat 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.
The entity guarantees that the personal data (email addresses) which are transferred to it, are safe because the transfer is based on adequate safeguards in accordance with data protection regulations based on standard data protection clauses adopted by the European Commission.
Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council (Text with EEA relevance), which is available at http://data.europa.eu/eli/dec_impl/2021/914/oj"
For more information about security measures, as well as how to obtain copies of these security measures, and where to access them, contact the Administrator at the above address.
8.2 Banner advertising
Banner advertising is an advertisement which takes the User to another website by clicking on it. Banner advertising, for example, presents the User with products they have viewed, or similar products. We may also present ads of our partners.
Banner advertising uses cookies or pixels. Direct information about the User is not saved. Only pseudonymized data is used. Additional information about cookies, pixels and retargeting/remarketing is provided below.
8.3 Cookies
The Administrator’s websites use cookies, i.e. text files saved on the User’s device. These files allow it to analyze the use of a website and identify the User’s web browser. By making appropriate browser settings, you can block the installation of cookies – this may result in a limitation of the functionality of the website.
The Administrator may process data contained in cookies to anonymously analyze visitors’ activities, study their behavior (e.g. opening specific websites) in order to provide them with advertisements tailored to their anticipated interests, also when they visit other partner websites of Google Inc. and Facebook Ireland Ltd. in the advertising network and to improve the administration of Administrator’s websites.
8.4 Onsite Targeting
The Administrator uses cookie technology to conduct the analysis of visitors’ activities (e.g. opening specific subpages) and may present the User with advertisements and/or special offers. The purpose of these activities is to provide the User with content most relevant of the search.
8.5 Retargeting, third-party cookies and third-party data collection for the banner advertising purposes
The Administrator’s websites use retargeting technology (remarketing).
The Administrator uses the services of third parties who use apply cookies on the Administrator’s website, these are:
Google Analytics, Universal Analytics and Google Remarketing provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Detailed information on the functioning of the above services is available at www.google.com/intl/pl/policies/privacy/partners/ see also https://policies.google.com/privacy/update?hl=pl&gl=pl
and
Facebook Pixel provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Detailed information is available at https://www.facebook.com/about/privacy
The User can disable cookies by changing the settings of their web browser.
8.6 How can you block the saving of
cookies?
In order to block the saving of cookies, the
User should enable the settings in the web browser to accept the saving
of cookies only if they agree.
To accept the use of Administrator’s cookies, and at the same time block the use of third-party cookies, select the option “Block third-party cookies” in the browser settings.
8.7 Contests, market research and opinion polls
Each contest and promotional campaign have separate regulations. In order to participate in them, the User is asked to provide the personal data listed in the regulations and by giving consent, including the use of telecommunication devices in market research or opinion surveys (phone number, e-mail address) by the organizer of the contest for the purpose of direct marketing by the Administrator. Shared personal data will be processed for the purpose of conducting the contest, notifying of the winner and for the purpose of market research or opinion survey.
The answers provided as part of market research or opinion survey are not made available to third parties or published.
(9) Online analysis
The Administrator uses Google Analytics provided by Google for analyzing website traffic. Google Analytics analyses User behavior on the website through the use of cookies. The information generated by cookies on the use of the website by the User (including their IP address) is transmitted to Google and stored on its servers in the USA. Google will use this information to analyze the use of the websites, create reports for the websites using Google Analytics and provide other services. Google may also transfer this information to third parties, as required by law, or if third parties process this information on behalf of Google.
By using the website, the User consents to the processing of their data by Google in the manner and for the purposes specified above.
The website is analyzed by Google Analytics with the extension “_anonymizeIp ()” and therefore the IP addresses are processed only in abbreviated form, which makes it impossible to directly link the address to a certain User.
The User can opt out of cookies by making the appropriate browser settings. This may result in a limitation of the functionality of the website and it may not be possible to use all of its functions.
The consent to store and collect personal data can be withdrawn at any time with effect for the future.
In order to prevent the transmission of data generated by a cookie related to the use of the website (including the IP address) to Google and the processing of such data by Google, simply download and install the blocking plug-ins available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en
(10) Server log file
The web browser provides data about User activities on the Administrator’s websites, which are saved in the server log files. The data records saved in this way contain the following data: date and time of download, name of the page opened, downloaded data volume, as well as information about the product version of the web browser used, IP address, reference website URL (the address of the website from which the user was redirected).
The server log file data records are analyzed for debugging, server performance management, protection against DDoS attacks, and to customize offers.
(11) Automated decision-making and profiling
Personal data will not be used for automated decision-making that will cause legal effects for the data subject, including profiling.
(12) Final Provisions
The Administrator’s websites may contain links to other websites. Such websites operate independently of the Administrator and are not supervised by the Administrator in any way. The Administrator recommends reading privacy policies when going to other websites. The Administrator is not responsible for the data handling policies of these websites.