Privacy Policy
Privacy Policy
Last updated: March 20, 2024. Download the PDF version here.
This Privacy Policy is for information purposes and serves satisfaction of the disclosure requirements imposed on us as the data controller under the GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The Privacy Policy is linked to our Terms of Service. Any capitalised words in the Privacy Policy have the meanings assigned to them in the Terms of Service.
Any user of Certifier should become acquainted with the Privacy Policy. The Privacy Policy determines the rules for processing personal data of persons using Certifier and using cookie files and other tracking technologies used in connection with the operation of Certifier.
1. PERSONAL DATA CONTROLLER
1.1. The controller of the personal data of the users of Certifier (“Users”) is Certifier sp. z o.o. with its registered office in Krakow (31-124), Dolnych Młynów 3/1, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000863560, Tax Identification Number NIP: 6762586390, National Business Registry Number REGON: 38724280300000, share capital of PLN 107,550 (“we,” “our,” etc.).
1.2. In any matters concerning the protection and processing of personal data, the Users may contact us by e-mail at gdpr@certifier.io or at the abovementioned local address.
1.3. As the controller, we process only the personal data of the Users – our clients (persons who set up an Account) and people who visit our website (including, use the chat or other forms of contact). Within Certifier, we also conduct other processes related to personal data processing, involving in particular the Recipients’ personal data. With regard to those data, we act as a processor, while the respective User is their controller, being responsible for their acquisition and processing in accordance with the law, as well as fulfilment of the disclosure requirement towards the Recipients.
1.4. If, as a Recipient, you are in doubt as to why your personal data are being processed within Certifier, you may contact the User directly or you may refer to us using the data indicated above – we will forward your inquiry or complaint to the relevant User.
2. DATA PROCESSING METHOD
2.1. The scope and purposes for which we process the personal data of individual Users depend on the scope of the consents and the data provided by the data subject in the registration form, contact form, or other forms available within Certifier.
2.2. We may process, in particular, the following categories of data: i) first name; ii) last name; iii) Google identifiers; (iv) e-mail address; (v) details of payments and performed transactions; (vi) IP address; (vii) company name and other details of the pursued business activity; (viii) identification data of the User’s employer/principal (to the extent that the User acts within Certifier on behalf of his/her employer/principal).
2.3. Detailed information on the scope of data processed for individual purposes is presented in the table below.
2.4. Providing personal data is voluntary, but failure to provide the personal data marked in the form (in particular in the Account registration form) as obligatory will prevent the use of all functionalities of Certifier. Due to the nature of actions taken up by us through Certifier, they cannot be provided anonymously.
2.5. In some cases, we may transfer your personal data to a third country (beyond the European Economic Area) - the USA. In such a case, transfer will be made based on the Data Privacy Framework, only to entities entered on the appropriate list. We do not transfer personal data to third countries other than the USA.
2.6. As part of Certifier, we don’t process the Users’ personal data for the purpose of automated decision-making.
2.7. We may make profiling, for marketing purposes, i.e. for the purpose of presenting the User our offer of products and services tailored to his/her needs. In the scope in which User’s personal data are subject to profiling, the User is entitled to object to such activities, while in the scope in which the basis for processing is User’s consent, the User is entitled to revoke such consent.
2.8. Personal data of the Users will be processed for the following purposes:
| Purpose | Scope of Data | Legal Basis | Processing Period |
|---|---|---|---|
| Providing access to Certifier | IP address | Article 6(1)(b) of the GDPR – processing is necessary for performance of the Agreement to which the data subject is a party or undertaking actions upon request of the data subject prior to conclusion of the Agreement | Until the lapse of the period of limitation of claims connected with providing access to Certifier |
| Registering in Certifier, setting up the Account, providing the possibility of logging in to Certifier | IP address, e-mail address, first and last name, Google identifiers | Article 6(1)(b) of the GDPR – as above | Until the lapse of the period of limitation of claims connected with making the functionalities available within Certifier in the scope of the possibility to log in |
| Enabling the use of the functionalities of Certifier | IP address, e-mail address, first and last name, details related to the pursued business activity, details of the employer/principal, payment and transaction details, other data provided voluntarily within the Certifier functionalities | Article 6(1)(b) of the GDPR – as above | Until the lapse of the period of limitation of claims connected with the User’s use of the functionalities of Certifier |
| Enabling payment for the Certifier Services | First and last name, e-mail address, payment details, and transaction details, details of the employer/principal, Tax ID | Article 6(1)(b) of the GDPR – as above | Until the lapse of the period of limitation of claims connected with the use of the Certifier functionalities provided against charge |
| Providing access to the Certifier for team members of the User | E-mail address, first and last name | Article 6(1)(f) of the GDPR - our legitimate interest as the controller that consists in performance of the agreement concluded with the User with whom the team member cooperates | Until the lapse of the period of limitation of claims connected with the team member use of the functionalities of Certifier |
| Contact via e-mail with the data subjects, responding to e-mail messages | E-mail address, other data provided voluntarily in the form or an e-mail message | Article 6(1)(f) of the GDPR – our legitimate interest as the controller that consists in responding to queries and correspondence provided directly by the data subjects | Until correspondence ends or the data subject objects |
| Contact using the chat operating within Certifier | Data provided voluntarily within the chat | Article 6(1)(f) of the GDPR – legitimate interest of the controller that consists in responding to queries and correspondence provided directly by the data subjects | Until correspondence ends or the data subject objects |
| Maintaining payment history | First and last name, e-mail address, details identifying the transactions and payments, details of the employer/principal, Tax ID | Article 6(1)(c) of the GDPR – satisfaction of the obligations resulting from legal provisions, in particular under tax law | For the duration of the obligation to be able to verify completed transactions |
| Analysing traffic within Certifier, conducting analyses and statistics | IP address, cookies accepted by the User | Article 6(1)(a) of the GDPR – consent given by the data subject | Until data cease to be useful or the data subject withdraws the consent |
| Sending content referring to Certifier, including of a commercial and marketing nature, to the Users | E-mail address, other personal data provided by the User in the Certifier forms | Article 6(1)(f) of the GDPR – our legitimate interest that consists in sending marketing and commercial content upon consent of the relevant person | Until the data cease to be useful or the data subject objects or withdraws the consent to receive marketing content |
| Seeking claims, protecting against claims | Any data collected by us in the course of interactions with the User, to the extent that they are actually necessary to seek or protect against claims | Article 6(1)(f) of the GDPR – our legitimate interest that consists in the ability to seek claims from the Users and protect ourselves against claims raised towards us | Until the data cease to be useful (lapse of the period of limitation of claims, which is usually 2 years) |
3. RECIPIENTS OF DATA
3.1. We may entrust the processing of the Users’ personal data to third parties for the purpose of the performance of activities connected with our operation. The recipients of the User’s data may involve in particular: provider of hosting for Certifier, e-mail operator, software development company, provider of the service connected with sending e-mails, accounting firm, law firm, entity providing execution of payments within Certifier, entities handling User service.
3.2. The personal data collected by us may also be disclosed to competent state bodies or institutions (law enforcement authorities, courts, security service) authorised to gain access to them on the basis of respective generally applicable legal provisions, or other persons and entities – in the cases prescribed by the generally applicable legal provisions.
3.3. Each entity to which we transfer personal data for processing on the basis of a personal data transfer agreement (“data transfer agreement”) guarantees the adequate level of security and confidentiality of the processing of personal data. An entity processing personal data on the basis of the data transfer agreement may process personal data through another entity only upon our prior written consent.
3.4. Personal data may be disclosed to unauthorised entities under this Privacy Policy only upon the User’s prior consent.
4. RIGHTS OF DATA SUBJECT
4.1. Each data subject has the right to: (a) remove the collected personal data referring to that person; (b) restrict personal data processing; (c) portability of personal data, including the right to receive them in a structured form; (d) request access to his/her personal data and rectify them, (e) object against personal data processing; (f) withdraw the consent given to us at any time without affecting the legality of the personal data processing carried out on the basis of the consent before it is withdrawn; (g) file a complaint against us to the supervisory authority (President of the Polish Personal Data Protection Office [Urząd Ochrony Danych Osobowych]).
5. OTHER DATA
5.1. We may store http enquiries, therefore the files containing web server logs may store certain data related to the Users, including the IP address of the computer sending the enquiry, the name of the User’s station – identification through http protocol, date and system time of registration in Certifier and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the User before (if the User has entered Certifier through a link), information concerning the User’s browser, information concerning errors occurred by the realization of the http transaction. Web server logs may be collected for the purposes of the proper administration of Certifier. Only persons authorised to administer the IT system have access to the data referred to above. Files containing web server logs may be analysed for the purpose of preparing statistics concerning traffic on Certifier and occurring errors. A summary of such details does not identify the User.
5.2. We may use analytics tools as part of which it has access to anonymised information on the Users, including: information on the operating system and Internet browser used by the User, time spent on Certifier, the User’s age range, the User’s gender, the User’s approximate location, the User’s interests determined on the basis of his/her activity in the Internet. The details referred to in the preceding sentence are not combined with the Users’ personal data, do not enable their identification, and are not personal data within the meaning of the GDPR. More information regarding those analytics tools and their providers can be found in our Cookie Policy.
6. SECURITY
6.1. We take care of the security of the Users’ personal data. For this purpose, we have implemented appropriate safeguards and means of protection of personal data, taking into account the risks connected with the processes related to personal data processing. In particular, we apply technological and organisational means in order to secure personal data against being disclosed to unauthorised persons, taken over by an unauthorised person, changed, lost, damaged or destroyed, as well as processed in violation of the GDPR by using, among other things, SSL certificates. The compilations of the personal data collected by us are stored on secured servers, moreover, personal data are also secured by our internal procedures related to the processing of personal data and the information security policy.
6.2. Irrespective of the foregoing, we state that using the Internet and services provided by electronic means may pose a threat of malware breaking into the ICT system and device of the relevant person, as well as a third party gaining access to data, including personal data. In order to minimise such threats, each person should use appropriate technical safeguards (antivirus programs) or programs securing identification in the Internet.
7. COOKIES
7.1. For the purposes of correct operation of Certifier, we use cookie files (“Cookies”). Cookies are text information recorded on User’s device (computer tablet, smartphone) that may be read by the ICT system of Certifier or third parties.
7.2. We use two types of cookies: (a) session cookies, which are permanently deleted upon closing the session of the User’s browser; (b) permanent cookies, which remain on the User’s device after closing the session until they are deleted.
7.3. It is not possible to determine the identity of the User or otherwise identify the User on the basis of Cookie files, whether session or permanent. Cookies prevent the collection of any personal data.
7.4. Files generated directly by us may not be read by other websites. Third-party Cookies (i.e. Cookies provided by the entities we co-operate with) may be read by an external server.
7.5. The user may individually change the Cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service within Certifier.
7.6. The user may individually disable storing Cookies on his/her device at any time in accordance with the instructions of the Internet browser producer, but this may disable certain parts of or the entire operation of Certifier.
7.7. The User may individually remove Cookies stored on his/her device at any time in accordance with the instructions of the Internet browser producer.
7.8. We use own Cookies for the following purposes: authentication of the User on Certifier and maintaining the User’s session; configuration of Certifier and adjustment of its content to the preferences or conduct of the User; analysis and research of views, including click number and path taken by the User on Certifier to improve its appearance and organisation of content, time spent on Certifier, the number of Users and frequency of visits on Certifier.
7.9. We use Third-party Cookies for the purposes indicated in our Cookie Policy.
7.10. Details concerning Cookie support are available in the settings of the browser used by the User.
Documents
Security that scales with your business
Certifier scales with you, providing secure administration, authentication, and permissions infrastructure as you grow.