Legal Documents
All documents were updated on August 28, 2021
Privacy policy
shall apply from 15 October 2020
This privacy policy describes the principles of processing personal data of the Users of the https://certifier.io, https://app.certifier.io, https://claim.certifier.io website (hereinafter referred to as the "Service"), accepted by the data controller, i.e:
Certifier spółka z ograniczoną odpowiedzialnością with its registered office in Kraków, ul. Grodzka 42/1 31-044, Kraków, entered into the National Court Register under KRS number 0000863560, NIP 6762586390 and REGON 38724280300000 (hereinafter: "Certifier" or "Administrator").
Correspondence address: Kraków 31-044 Grodzka 42/1 Street
Data protection officer: Serhii Butko
E-mail: sergey@certifier.io
This Privacy Policy is an expression of concern for the rights of persons visiting the Service and using the services offered through it. It is also a fulfillment of the information obligation resulting from Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: TODO), including in particular Article 13 of the TODO.
Type of data processed, legal basis, purpose and scope of processing:
The data controller processes Users’ personal data for the purposes and principles described below:
1. Conclusion and performance of a contract
In order to conclude and perform the contract, Certifier processes the following data: name and name, company name, NIP (VAT) number, address, e-mail address, telephone number, website address.
The data are processed by Certifier on the basis of a prerequisite of necessity in order to perform the contract or to take action at the request of the data subject prior to the conclusion of the contract referred to in Article 6 paragraph 1 point b) of the TYPE.
In this case the data may also be processed when it is necessary to fulfil a legal obligation imposed on the Administrator, for example when the access to personal data is requested by an authorised state authority, pursuant to Article 6 paragraph 1 point c) of the TCO and for the purpose of claiming and defending against contractual claims, on the basis of the prerequisite of necessity for the purposes resulting from the legitimate interests of the controller, pursuant to Article 6 paragraph 1 point f) of the TCO
2. Start of the free trial period, use of the contact form
In order to order a presentation about Certifier’s services and products or to use the contact form, the following data is required: name and name, e-mail address and telephone.
In order to take advantage of the free trial period of the Certifier service, the following data is required: name and e-mail address.
The data shall be processed by Certifier in order to answer an enquiry, make the Certifier service available during a free test period or send an ordered presentation, on the basis of a prerequisite of indispensability for the performance of the agreement or taking action at the request of the data subject prior to concluding the agreement referred to in Article 6 paragraph 1 point b) of GOVERNMENT.
3. Use of the user panel
A user who has the Certifier service may manage the service by logging in to the user panel located on the Site. In order to log in, the User shall provide his e-mail address and password. The data indicated in the user’s panel are processed by Certifier on the basis of a prerequisite of indispensability in order to perform the agreement or take action at the request of the data subject before concluding the agreement referred to in Article 6(1)(b) of the TIPS.
4. Newsletter / commercial information transmission
To use the newsletter, you must indicate your e-mail address. Data processing by Certifier is carried out in order to send commercial information by electronic means. The legal basis for the processing is the previously granted consent, pursuant to Article 6(1)(a) of the TOP, which may be withdrawn at any time.
5. Other cases of data processing
In case the Administrator obtains information about User’s use of the Service in a manner contrary to the applicable law or the Service Regulations, the Administrator may process User’s personal data also for the purpose and to the extent necessary to establish User’s liability and protect his or her justified rights and claims, according to art. 6.1.f) of the GDR, i.e. for the purposes resulting from the legally justified interests of the Administrator.
Time and form of data processing
Personal data processed by the Administrator in connection with the conclusion and performance of the contract for the provision of services shall, as a rule, be processed for the duration of the said contract. However, the data may be processed after the termination of the agreement if it is justified by the applicable law (e.g. for tax or accounting purposes), and to the extent necessary, the data may be processed until the expiry of any claims related to the concluded agreement.
Personal data processed in connection with the use of the contact form shall be processed until the Administrator answers an enquiry sent via the contact form. Personal data processed in connection with the use of the electronic service user panel shall be processed until the account is deleted.
The processing of personal data on the basis of the consent given will take place until the User’s consent is withdrawn.
The majority of personal data is processed by Certifier in electronic form, on servers belonging to Certifier and on servers leased from third parties, as well as on company computers, external drives and mobile devices. Some personal data may be processed in a paper form.
Data recipients
The transfer of data to third parties is always carried out in accordance with the law, on the basis of a personal data processing entrustment agreement concluded, which indicates the purposes of processing specified by Certifier. The entities to which we entrust the processing of personal data are obliged to protect them in the same way as Certifier does.
The recipients of your personal data may be entities with which Certifier cooperates in order to provide services. These may be entities providing maintenance services for certifier.io and entities providing IT services for the Administrator, as well as providers of external systems supporting the Administrator’s activity, and entities providing accounting and legal services for Certifier. When making electronic payments, they may also be entities handling electronic payments.
In connection with Certifier’s use of software provided by Google, data may also be transferred to Google LLC. However, they are located on servers located within the European Union.
Users’ personal data may be disclosed to third parties where such disclosure is required by applicable law.
Voluntary provision of data
Providing personal data is voluntary, however, failure to provide the data may prevent Certifier from concluding the agreement and providing services to the User, answering the sent enquiry or sending commercial information.
Users’ rights
In accordance with Articles 15 to 22 TYPE, each user has the following rights:
1. Right of access to data
The data subject shall be entitled to obtain from the Controller confirmation whether or not personal data concerning him or her are being processed and, if so, shall be entitled to access them. Pursuant to Article 15 of the TYPE, the controller shall provide the data subject with a copy of the personal data subject to be processed.
2. Right to rectify data
The data subject has the right to demand from the Administrator the immediate correction of incorrect personal data concerning him/her.
3. Right to delete data ("right to be forgotten")
The data subject has the right to demand from the Administrator the immediate deletion of personal data concerning him/her, and the Administrator is obliged to delete the personal data without undue delay if one of the following circumstances occurs:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject has withdrawn the consent on which the processing is based;
c) the data subject has lodged an objection pursuant to Article 21(1) of the TYPE to the processing and there are no overriding legitimate grounds for processing. The above entitlement also applies to recordings of telephone conversations made with the User.
4. The right to limit the processing
The data subject has the right to request the controller to restrict the processing in the following cases:
a) when the data are inaccurate, until they are rectified;
b) the data subject has lodged an objection pursuant to Article 21(1) of the FDB to the processing, until it has been established whether or not the data controller’s legitimate interests prevail over the data subject’s grounds for objection;
c) the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead a restriction of their use.
### 5. Right to data portability
The user has the right to receive his personal data, previously provided to the Administrator, in a structured, commonly used format, and has the right to send this personal data to another administrator if the processing is carried out on the basis of the consent given or in connection with a contract concluded, for the performance of which it was necessary to process the personal data, or if the processing is carried out in an automated manner. Exercising the right to transfer the data, the User has the right to demand that the personal data be sent directly to another controller, if it is technically possible.
The right to transfer personal data concerns personal data processed in IT systems (i.e. in an automated manner). The right of transfer applies to data processed in information systems in connection with the data subject’s use of services or devices (e.g. login history).
6. Right to object
Where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, to the extent that the processing is related to direct marketing.
7. Right to withdraw consent
If the processing of data takes place on the basis of previously granted consent, the User has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of consent.
8. Right to lodge a complaint with the supervisory authority
If there is a suspicion that personal data is being processed in violation of the PDPA, the User has the right to lodge a complaint with the President of the Office for Personal Data Protection about illegal processing of his/her personal data.
Exercise of Users’ rights
You may exercise your rights by sending a request to sergey@certifier.io.
The request, for the purpose of correct identification, should be sent from the e-mail address from which registration was made. The request may also be submitted by mail - by sending it to Certifier’s mailing address.
Requests are considered by the Administrator immediately, but not later than within one month from the date of receipt. This period may be extended by another two months due to the complicated nature of the request or the number of received requests. In such a case, the Administrator shall inform the User about such an extension of the deadline, giving the reason for the delay.
Data update
Each User of the Service is obliged to update previously entered personal data in case of change. In order to update or correct personal data, please send information by e-mail or post to the Administrator’s address. The User will be notified by Certifier about the update of data.
Security
The service is equipped with security measures aimed at protecting personal data under the Administrator’s control against loss, misuse and modification. The Administrator also has relevant documentation and has implemented appropriate procedures related to personal data protection in its enterprise.
The Administrator ensures that it protects any disclosed information in accordance with applicable regulations and security standards, in particular:
a) personal data collected by the Administrator are directly accessible only by authorized employees or associates of the Administrator and authorized persons dealing with servicing the Service who have been granted appropriate authorisations;
b) the Administrator declares that by commissioning other entities to provide services, the Administrator requires from partners to ensure appropriately high standards of protection of the entrusted personal data, signing relevant entrustment agreements, in which partners confirm the application of the standards and the right to control the compliance of these entities with these standards;
c) in order to ensure proper protection of the services provided, the Service has been equipped with the SSL protocol, which allows secure and effective encryption of the data sent between the User and the Server.
Due to the public nature of the Internet, the use of services provided by electronic means may involve risks, regardless of the Administrator’s due diligence.
Network server logs and IP addresses
If the User visits the Website, Certifier automatically collects queries sent to the server where the Website is located. Each query is saved in the server logs.
The web server automatically recognizes certain information, such as the User’s IP address, date and place of visiting the Site, data of the website from which the User accessed the Site, type of web browser used, type of operating system used and domain name and address of the User’s website operator.
However, the data recorded in the server logs are not associated with specific Users and are not used by Certifier to identify them. The server logs are only auxiliary material used to administer the Website.
The Administrator may also collect information about the User’s IP address. IP addresses are used as part of the information contained in the aforementioned network server logs and for technical purposes.
Final provisions
The Administrator of the Service reserves the right to change this privacy policy, while undertaking to immediately publish a new privacy policy on the pages of the Service and to inform registered Users of this fact.
The Administrator reserves the right to make changes, withdraw or modify the functions or properties of the Service, as well as cessation of activities, transfer of rights to the Service and perform all legal actions permitted by applicable law.
We make every effort to ensure a high level of security in the use of our Service. Please report any disturbing events affecting the security of information and data transmission to our e-mail address: sergey@certifier.io.
