ПОЛІТИКА КОНФІДЕНЦІЙНОСТІ

§1. GENERAL PROVISIONS

1. The controller of personal data collected through the Service and DESKTOMY.PL shall be MBT MEDIA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, entered in the register of entrepreneurs maintained by the District Court Katowice – Wschód in Katowice, 8th Commercial Division of the National Court Register under the number KRS: 0000411673, Taxpayer Identification Number (NIP): 9542736593, business statistical number (REGON): 242844466, share capital of 15,000 zloty, place of business activity and the mailing address: Konduktorska Street 33, 40-155 Katowice, e-mail address: kontakt@desktomy.pl, tel. +48 508 864 660, hereinafter referred to as the Controller and being at the same time the Service Provider.
2. Personal data collected by the Controller via website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as
3. All and any capitalised words or expressions used in this Privacy Policy shall be understood according to their definition included in the Regulations of Desktomy.pl Internet Service.

§2. TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF COLECTING DATA

1. PURPOSE OF PROCESSING AND LEGAL BASIS The Controller processes personal data of the Service Recipients of the Desktomy.pl Internet Service in case of:
   1. registration of the Account in the Service (filling in the form),for the purpose of creating an individual account and management of such account, pursuant to art. 6 par. 1 letter b of GDPR (execution of the electronic services agreement in accordance with the Regulations),
   2. submission of orders for paid services in the Service pursuant to art. 6 par. 1 letter b of GDPR (execution of the electronic services agreement in accordance with the Regulations)
2.  TYPE OF PERSONAL DATA PROCESSED::
   – name and surname,
   – business position,
   – brand name,
   – series and number of the identity card,
   – Taxpayer Identification Number (NIP),
   – address,
   – telephone number,
   – e-mail address.
3. PERIOD OF ARCHIVING PERSONAL DATA. Personal data of the Service Recipients are stored by the Controller:
   1. If data are processed for the purpose of performance of the agreement, as long as it is necessary for the performance of the agreement, and then for a period corresponding to the limitations period of claims. Unless a specific regulation provides otherwise, the limitations period is ten years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
   2. If data are processed on the basis of a consent, as long as it has not been withdrawn, and after such withdrawal for a period of time corresponding to the limitations period of claims to be raised by the Controller and that can be raised against it. Unless a specific regulation provides otherwise, the limitations period is ten years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
4. While using the Service, additional information can be gathered, especially: IP address assigned to the computer of the Service Recipient or external IP address of the Internet provider, name of the domain, type of browser, access time, type of the operating system.
5. Navigation data can also be collected from Service Recipients, including links and references they decide to click or other actions taken in the Service. The legal basis for such type of actions shall be the legitimate interest of the Controller (art. 6 par. 1 lit. f GDPR), consisting in facilitation of the use of services rendered electronically and improvement of functionality of such services.
6. Provision of personal data by the Service Recipient shall be voluntary.
7. Personal data shall also be processed in an automated way in form of profiling provided that the Service Recipient agrees thereto pursuant to art. 6 par. 1 letter a) GDPR. As a consequence of profiling a given person shall be assigned a profile for the purposes of making decisions concerning such person or for the purpose of analysis or anticipation of their preferences, behaviours and attitudes.
8. The Service Recipient shall have the right at any time to object as to the processing of their data in the scope referred to in clause 7 hereof, to provide information on the methods and the scope of profiling personal data and the right to delete, restrict, correct, rectify and transfer of personal data to another entity.
9. 9. The Controller shall exercise due care in order to protect interest of data subjects, especially ensuring that such date are:
   1. Processed lawfully,
   2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes,
   3. accurate and adequate in relations to the purposes for which they are processed and stored in the form which enables identification of data subjects, no longer than it is necessary for such purposes to be fulfilled.

§3. PROVISION OF PERSONAL DATA

1. Personal data of Service Recipients are transferred to service providers use by the Controller upon management of the Service. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are subject to the instructions of the Controller as to the purposes and methods of processing such data (processing entities) or specify purposes and methods of processing on their own.
2. Personal data of Service Recipients are stored exclusively in the territory of European Economic Area (EEA).

§4. RIGHT TO INSPECT, ACCESS AND CORRECT OWN DATA

1. A data subject shall have the right to access the content of its own personal data and the right to rectify, delete, restrict the processing of and transfer the data, the right to object, to withdraw consent at any time, without any impact on the conformity with the right of processing effected on the basis of the consent before its withdrawal.
2. Legal bases of demands of the Service Recipient:
   1. Access to data – art. 15 GDPR.
   2. Rectification of data – art. 16 GDPR.
   3. Right to erasure (the so-called right to be forgotten) – art. 17 GDPR.
   4. Restriction to processing – art. 18 GDPR.
      The Service Recipient shall have the right to demand that the processing of their personal data be restricted for a definite period or within specific scope.
   5. Transfer of data – art. 20 GDPR.
      To this effect one should contact the Controller and provide the name and address of an entity to which data are to be transferred as well as their scope. Data shall be transferred electronically after the Service Recipient has confirmed such demand.
   6. Objection – art. 21 GDPR.
      The Service Recipient shall have the right to object to the processing of their data both wholly or within specific scope.
   7. Withdrawal of consent – art. 7 par. 3 GDPR.
      The consent to process data can be withdrawn at any time without providing reasons for such withdrawal. The demand may refer to the consent withdrawal only with reference to the specific purpose or all purposes of personal data processing.
3. In order to exercise rights referred to in clause 2, a relevant e-mail message can be sent to the address: kontakt@desktomy.pl or a written demand to the address: Konduktorska 33, 40-155 Katowice. Such message should contain as much information as possible as regards the object of the demand, especially it should specify the right the Service Recipient is willing to exercise pursuant to clause 2 hereof and the contact details. Such information will facilitate and accelerate the motion to be considered by the Controller.
4. If the Service Recipient applies for their right to be exercised resulting from the aforementioned rights, the Controller meets or refuses to meet such demand (clause 6 hereof) immediately, however no later than within one month after receiving it. However, if due to the complicated nature of such demand or the number of demands the Controller will not be able to meet the demand within one month, it shall meet the demand within next two months, informing the Service Recipient within one month of receiving the demand of intended extension of the aforementioned time limit and the reasons for such extension.
5. If personal data processing is found to breach GDPR regulations, a data subject whose data are processed shall have the right to lodge a complaint to the President of the Personal Data Protection Office.
6. The right to erase the data (the „right to be forgotten”) pursuant to art 17 par. 1 and 2 GDPR shall not apply in the scope in which processing is necessary to:
   1. exercise the right to freedom of speech and information,
   2. fulfil legal obligation which requires processing on the basis of the EU laws or the law of a Member State to which the Controller is subject or to carry out the task performed in the public interest or as part of exercising public power entrusted to the Controller,
   3. due to the public interest in the area of public health pursuant to art. 9 par. 2 letter h) and i) and art. 9 par. 3 GDPR,
   4. for archiving purposes in the public interest, for scientific or historical research or for statistical purposes pursuant to art. 89 par. 1 GDPR, provided that it is probable that the right referred to in par. 1 art. 17 GDPR will prevent or materially impede performance of purposes of such processing; or
   5. establish, assert or protect claims.

§5. „COOKIES”

1. The website of the Controller uses „cookies”.
2. Installation of „cookies” is necessary for the proper provision of services on the website of the Service. „Cookies” include the information necessary for proper operation of the website and also enable to prepare general statistics.
3. The website uses two types of „cookies”: „session” and „permanent” cookies.
   1. Session cookies are temporary files which are stored in the device of the Service Recipient until logging out (leaving the site).
   2. Permanent cookies are stored in the device of the Service Recipient for the period of time specified in the parameters of „cookies” files or until they are deleted by the Service Recipient.
4. The Controller uses own cookies in order to better understand the method of interactions between the Service Recipients in the scope of the content of the site. Files gather the information on the method of using the Internet site by the Service Recipient, type of the site from which the Service Recipient was directed and the number of visits and the time of visit of the Service Recipient on the website. The information does not register concrete personal data of the Service Recipient but they are used to prepare statistics of using the site.
5. The Service Recipient shall have the right to decide on the scope of access of „cookies” to their computer by way of a prior choice in the window of their browser. Detailed information concerning possibilities and methods of handling „cookies” are available in the software’s settings (the Internet browser).
6. The Service Users can change at any time settings concerning cookies. Such settings can be changed in particular to block automatic handling of cookies in the settings of the Internet browser or to inform each time they are enabled in the user’s device. Failure to change settings related to cookies means that they will be put in the user’s device, therefore we will store the information about such device of the user and get access to such information.
7. If you decide to disable cookies, it may result in problems with using some services as part of the Service, especially those requiring logging.

§6. FINAL PROVISIONS

1. The Controller implements appropriate technical and organisational measures to ensure personal data protection relevant in terms of threats and categories of data covered by insurance, and in particular protects data against access of unauthorised persons, taking by an unauthorised person, processing with violation of the applicable laws, and the change, loss, damage or destruction.
2. The Controller provide relevant technical measures preventing attraction and modification by unauthorised parties, personal data sent electronically.
3. The provisions of the Polish law and GDPR shall be applied in issues not governed by this Privacy Policy.