[The data administrator] This document (the “PrivacyPolicy”) describes how Secfense limited liability company with its registered office at ul. Grodzka 42/1, 31-044 Kraków, entered by the District Court for Kraków – Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS number: 0000722746, NIP: 6762546545 (“We / Administrator“) processes personal data (“Data“), of people using the services provided (“You“), including as part of the website www.secfense.com (“Site“).
[We Care About Your Privacy] Every time we access your Data, we make sure that it is processed in accordance with applicable law and with the highest standards of privacy and security. First of all, we process your Data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (“GDPR“). We use strict technical and organizational measures to protect all Data processed by us against loss, destruction or unauthorized access by third parties.
[How to contact us?] If you have any questions or comments regarding the protection of your data or if you wish to exercise your rights under the GDPR, please contact the Administrator by sending an e-mail to: [email protected].
[Personal data that we obtain from you] We can obtain from you, the following categories of Data: contact details such as your name, address, e-mail, telephone number; payment (transaction) data – i.e. data related to payments made when using our services; history of transactions made.
[Data We Obtain Automatically] Our Site when you use it may collect some Data automatically. We may obtain information by automated means, such as browser cookies, pixels, web server logs, web beacons and other technologies. Information we collect in this way may include: (a) Data about your device, including MAC address, IP address, log information, device model, hardware model, IMEI number, serial number, subscription information, device settings, connections to other devices, mobile operator, internet browser characteristics, application usage information, sales code, access code, current software version, MNC, subscription information, and random, non-persistent and resettable device identifiers such as a personalized service ID ( or PSID), and advertising identifiers, including the Google advertising ID; (b) Data about your use of the Website, including Clickstream Data, your interactions with the Website (such as the websites visited, search queries, and the applications and features used), the pages that led or referred you to the Platform, dates and hours of using the Platform; and your use of third-party sites, applications and features that are related to our services; (c) Data relating to your use of third party websites, applications and features that are associated with Our Services.
[Purposes and legal grounds for data processing]
- Provision of services. We use your Data to provide services to you, as well as to receive or make payments related to them, or to contact you regarding this matter. The legal basis for processing is the necessity to perform the contract to which you are a party (Article 6 (1) (b) of the GDPR). The retention period for such data processing lasts until the account is deleted from the Platform.
- Consider your requests. We will process your Data to respond to your requests or complaints. The legal basis for data processing is the legitimate interest of the administrator (Article 6 (1) (f) of the GDPR). This legitimate interest is to enable us to properly handle your complaint. The retention period for such processing lasts until the claims arising from your requests or complaints are time-barred.
- Compliance with the obligations arising from the law, industry norms and standards as well as the Administrator’s internal regulations, including the Privacy Policy. In some cases, we collect and use User Data to comply with legal regulations, for example, Payment Data is processed to fulfill tax and accounting obligations. The legal basis for data processing is the need to fulfill the legal obligation incumbent on the Administrator (Article 6 (1) (c) of the GDPR). The retention period of such data lasts until the relevant legal provisions authorize us to process them.
- Contact. We use your data to communicate with you through various channels. The legal basis for data processing is the legitimate interest of the administrator (Article 6 (1) (f) of the GDPR). This legitimate interest is to ensure proper communication with you. The retention period for such data processing lasts until you object to the processing, in any case no longer than 5 years.
- Platform analysis and personalization. We use your Data to personalize the content and analyze the Platform and web traffic. We use cookies for this purpose. The legal basis for processing is the legitimate interest pursued by the Administrator (Article 6 (1) (f) of the GDPR), consisting in the analysis of user activity in order to optimize the services provided. The storage period of such data lasts until the effective objection to their processing, but no longer than it is necessary for the purposes of such processing.
- Newsletter. We may use your Data to conduct marketing activities of the Administrator’s services, which include, inter alia, sending the newsletter (if you consent to the sending of commercial information by electronic means). The legal basis for data processing is the Controller’s legitimate interest in direct marketing of our services (Article 6 (1) (f) of the GDPR). The period of storage of such data lasts until the objection is effectively raised, but no longer than it is necessary for the purposes of such processing.
- Marketing – cold mailing. On the basis of your consent to use telecommunications terminal equipment and automatic calling systems for the purposes of direct marketing, we may send you the Administrator’s marketing messages via e-mail (if you consent to the sending of commercial information by electronic means). The legal basis for data processing is the Controller’s legitimate interest in direct marketing of our services (Article 6 (1) (f) of the GDPR). The period of storage of such data lasts until the objection is effectively raised, but no longer than it is necessary for the purposes of such processing.
- Marketing – cold calling. Based on your consent to the use of telecommunications terminal equipment and automatic calling systems for the purposes of direct marketing, we may contact you to promote the services we provide. The legal basis for data processing is the Controller’s legitimate interest in direct marketing of our services (Article 6 (1) (f) of the GDPR). The period of storage of such data lasts until the objection is effectively raised, but no longer than it is necessary for the purposes of such processing.
- Webinars. We process your Data to be able to conduct a webinar organized by us. They are run by us to educate in the field of cybersecurity and conduct marketing of our services. The legal basis for data processing is the Controller’s legitimate interest in marketing its services and education in the field of cybersecurity (Article 6 (1) (f) of the GDPR). The period of storage of such data lasts until the objection is effectively raised, but no longer than it is necessary for the purposes of such processing.
[Voluntary provision of Data] Provision of Data is voluntary. However, without receiving the necessary Data, we may not be able to perform some of the activities requested by you. Without providing the data necessary to start the provision of services and we cannot provide services to you – their transfer is, therefore, a condition for concluding a contract with us.
[Recipients of Data] In some situations, we may be forced to share your Data with third parties, such as: (a) external service providers – we employ other companies and persons to perform tasks on our behalf. Examples include, providing marketing support, providing legal and accounting services. Such third-party service providers have access to your data to the extent necessary to perform their functions but may not use it for other purposes. In addition, they must process Personal Data in accordance with the provisions of data processing agreements and applicable data protection regulations; (b) public authorities – in connection with the proceedings conducted by them pursuant to the applicable provisions of law.
[Data transfer to countries outside the EEA] We do not and do not plan to transfer User Data from the European Economic Area to countries outside this area.
[Your rights] In connection with the processing of your Data by us, you have a number of rights, the exercise of which can be contacting us by e-mail at: [email protected]. When contacting us, remember to provide us with your contact details and the preferred form of contact. Thanks to this, we will answer your questions and requests more efficiently.
You have: the right to request access to your Data from us, the right to rectify or delete it (“the right to be forgotten”); the right to object to the processing of Data for direct marketing purposes, as a result of which we will stop processing your Data for this purpose; the right to object for reasons related to your particular situation, if we process your Data on the basis of a legitimate interest. However, we will continue to process this Data to the extent necessary, if there is a justified reason; the right to transfer or limit Data processed in connection with the performance of the contract or on the basis of your consent; if the basis for data processing is your consent, you have the right to withdraw this consent at any time. Withdrawal of consent, however, does not affect the lawfulness of our processing of your Data, which we made on the basis of consent before its withdrawal. If you believe that the processing of your Data by us violates the law, you can file a complaint with the President of the Office for Personal Data Protection. More information on how to file a complaint can be found here.
[Automated decision making]
We do not make decisions in an automated manner, including through profiling.
[Cookies] The platform uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are commonly used to make online services work better or more efficiently. The use of cookies is now a market standard. The cookies may come from us (“first party cookies”) or from third parties whose services we use (“third party cookies”). Some information stored in cookies (e.g. regarding user preferences), especially when combined with other information about the user, may be considered personal data. Personal data collected using cookies may be processed only for the purpose of performing specific functions on your behalf. These data are encrypted in a way that prevents unauthorized access to them. Some functionalities may not work properly if cookies are disabled.
[Purposes] We can use information collected via cookie technology, incl. for the following purposes: (a) remembering information about the user so that they do not have to be re-entered, (b) understanding how to use the Website and interact with it, so as to adapt the Website to user preferences, (c) manage and measure the usefulness of the Website, (d) understand effectiveness our communications and (e) otherwise improve our services.
Change privacy settings[Cookie management] You can change cookie settings via cookies manager or your browser settings. Most internet browsers are set up to accept cookies automatically. However, you can change your browser settings so that cookies are blocked – in whole or in part, e.g. to block third-party cookies, or that you will receive a message each time cookies are sent to your device. Tips on how to control cookies in popular browsers can be found below. Google Chrome Mozilla Firefox MacOS Safari Microsoft Edge. More information can be found, for example, at: http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/.
[The current version of the Privacy Policy] The Privacy Policy is up-to-date information on the processing of your Data by us.