Этот сайт для надлежащей работы требует браузера с поддержкой технологии JavaScript.
Возможно, что Ваш браузер не поддерживает этой технологии.

Политика конфиденциальности

Data Protection Officer
at company SANKOM Sp. z o.o.
with its registered office in Warszawa
Agnieszka Kondel
e-mail: inspektor@sankom.net

 

Privacy Protection Policy
of the company SANKOM Sp. z o.o.
with its registered office in Warszawa

 

This Privacy Protection Policy (hereinafter referred to as: the Policy) establishes principles for the processing of personal data by the company SANKOM Sp. z o.o. with its registered office in Warszawa (hereinafter referred to as: the Companythe Administrator or SANKOM) and constitutes the fulfillment of the information obligation as stated in Art. 13 (1) and (2) of the EU Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC: General Data Protection Regulation, hereinafter: GDPR (RODO).

The principles concerning data processing within the cookie files have been detailed here: http://ru.sankom.net/privacy-policy. SANKOM only uses such cookie files which are necessary for correct operation of the own SANKOM website, which does not require obtaining any additional consents.

  1. GENERAL PROVISIONS

1.1 The purpose of this Policy is an assessment of actions undertaken by the Company regarding personal data of natural persons, processed by the Company in order to provide information concerning offered products or services, placing an enquiry regarding products or software offered by the Company, registration for trainings, establishing business contacts or the Company’s recruitment actions. This Policy constitutes valid declaration with regard to the purpose of personal data processing and the rights data subjects are entitled to.

1.2 Natural persons share their personal data with the Administrator using contact forms available at http://pl.sankom.net/, and also when subscribing to the newsletter, in e-mail correspondence, written letters or during phone conversations and when concluding contracts.

1.3 Terms. Whenever this Policy refers to:

  1. ”GDPR”: this signifies EU Regulation 2016/679 of the European Parliament and of the Council of 27th April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC: (General Data Protection Regulation),
  2. ”Users”: this signifies natural persons, in this: clients – actual or potential, business partners, parties to agreements concluded with the company SANKOM, contractors – i.e. data subjects,
  3. ”Cookies”: this signifies digital files shared by visited internet websites with a computer or another device (e.g. tablet, smartphone) and stored in mass memory of such a device (in this on the computer’s hard drive),
  4. ”Administrator”: this signifies the company SANKOM Sp. z o.o. with its registered office in Warszawa at ul. J. P. Dziekońskiego 3, 00-728 Warszawa, as the entity determining the purposes and methods for data processing,
  5. ”Apps and software sponsors”: signifies entrepreneurs – owners and sponsoring entities of a particular version or versions of the branded (sponsored) software. End users, when downloading and installing sponsored apps, consciously grant consent for processing personal data by the sponsor of this app. Detailed info on the sponsor and the content of consents are available in appropriate order forms, and also in the end user agreement. Sponsored applications and information concerning sponsors are published at SANKOM’s homepages. Ordering a sponsored version and consenting to processing personal data is completely voluntary. End users have an alternative option of purchasing the software, in which personal data is processed entirely for the requirements of executing this particular order.
  6. ”Supervising authority” signifies the President of Personal Data Protection Office (PUODO), seated at ul. Stawki 2, 00-193 Warszawa,
  7. ”Participant” signifies a person, in particular a participant of the Company’s training workshops, as well as a natural person participating or intending to participate in a recruitment action conducted by the Administrator, or any future recruitment action conducted by the Administrator, or the one who – in the past – explicitly granted their consent to store their personal data in the database of participants.
  1. INFORMATION CONCERNING DATA ADMINISTRATOR AND DATA PROTECTION OFFICER

2.1 The administrator of personal data of natural persons, processed via the Company’s internet homepage, as well as personal data of natural persons contacting the Company via available contact forms, e-mail, as well as contact phone numbers made available at the homepage, as well as personal data of clients and business partners, is the Company SANKOM Sp. z o.o. with its registered office in Warszawa, at ul. J. P. Dziekońskiego 3, 00-728 Warszawa, entered into the register of entrepreneurs of the National Court Register under the KRS number: 0000190662, NIP (tax identification number): 5222574721.

2.2 Contact the Administrator regarding any issues concerning protection of your personal data, at any given time:

  1. by sending a letter to the Administrator at the following address: J. P. Dziekońskiego 3, 00-728 Warszawa,
  2. by sending an e-mail to: inspektor@sankom.net or info@sankom.pl.

2.3 The Company’s Data Protection Officer is Agnieszka Kondel. Please contact our Data Protection Officer at: inspektor@sankom.net.

2.4 If you wish to:

  1. contact the Administrator regarding any issues concerning protection of your personal data,
  2. submit a question concerning personal data, the way its processed by the Administrator, or submit comments regarding the Company’s Policy,
  3. exercise your legal rights regarding processing your personal data by the Company SANKOM Sp. z o.o. as its Administrator,

please contact the Company via an e-mail or in writing, using contact data detailed in Section 2.2.

  1. SCOPE OF PERSONAL DATA PROCESSED BY THE ADMINISTRATOR

3.1 The term ”personal data” signifies any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular via reference to an identifier such as a full name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such identifiers include: an IP address, form of address, name and surname, address, e-mail address or phone number.

3.2 The Company SANKOM Sp. z o.o. processes personal data originating at, as follows:

  1. prospective employees – to conduct recruitment actions with relation to available employment vacancies in the Company,
  2. persons participating in product trainings organized by the Company SANKOM Sp. z o.o. – to acknowledge prospective clients with details concerning products offered by the Company, as well as to advise on operation of the purchased software, or in cases of software updates,
  3. clients, business partners, and also personal data of their employees, associates, representatives, commercial proxies, management board members, as well as persons acting on behalf of business- and commercial partners: name and surname, e-mail address, employment position, phone number, and data of companies they represent, with regard to arrangements required to conclude contracts, and – ultimately – with regard to concluding agreements covering providing software licenses for the software products distributed by the Company,
  4. employees and business partners of the Company SANKOM Sp. z o.o. – for the purposes associated with regular employment, as well as B2B cooperation,
  5. persons who have granted their consent to communication with regard to direct marketing of the products of the Company SANKOM Sp. z o.o., and with marketing of the products offered by the apps and software Sponsors, receiving the newsletter, persons contacting the Company on the phone or in writing or via e-mails in order to provide commercial information,
  6. persons contacting the Company via dedicated forms, to enable the first contact, registration to trainings, undertaking actions with regard to concluding contracts, submitting comments or remarks, or exercising their rights as understood by GDPR’s Articles 15-21.

3.3 The internet website forms made available by the Company SANKOM Sp. z o.o. with its registered office in Warszawa, in this the contact form, do not serve the purpose of conducting private correspondence unrelated to the subject of business activity of the Administrator. SANKOM Sp. z o.o. reserves the right to filter and block messages, especially the ones of the spam nature, of the prohibited content or otherwise posing a danger to the Company.

3.4 Personal data referred to in Section 3.1 may become the subject of transfer to a third country or an international organization (outside the European Economic Area (EEA)). Personal data may be transferred to app and software Sponsors originating out of EEA – regarding the use of the sponsored version of the software. Software sponsors are obliged to observe the GDPR provisions under license agreements related to sponsored software versions. Every time the client’s personal data is made available to an app or software Sponsor, the client is informed with regard to this activity, and also about which country the Sponsor’s headquarters is registered in. Personal data may only be transferred to such third countries or subjects, where data is protected at an equivalent level as in the EU, as confirmed with an adequacy decision issued by the European Commission. The list of third countries – subjects of such adequacy decisions of the European Commission, concerning equivalent levels of data protection, is available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#relatedlinks. In case no such an adequacy decision of the European Committee has been issued, confirming equivalent levels of data protection as assessed in GDPR’s Art. 45 Section 3, personal data may become the subject of transfer to a third country entirely on the basis of: binding corporate rules, standard data protection provisions adopted by the European Committee, standard data protection provisions adopted by a Polish supervisory authority and authorized by the European Committee, approved code of conduct or approved certification mechanism (as in GDPR’s Art. 46). In case no such an adequacy decision of the European Committee has been issued, confirming equivalent levels of data protection as assessed in GDPR’s Art. 45 Section 3, or lack of adequate protection as assessed in GDPR’s Art. 46, in this binding corporate rules, the Company shall acquire a consent of the client or software user regarding the transfer of their data to a third country or an international organization.

3.5 Personal data acquired for the purposes of specific actions, such as e.g. sales, distribution or registration of apps and software, in this sponsored versions (via appropriate agreements), as well as undertaking marketing actions, is transferred to other recipients (Sponsors) with preservation of rules detailed in Section 3.2, and the users shall be informed of this during data acquisition and shall grant their consent to such actions.

3.6 Regarding cost-free product sharing by SANKOM Sp. z o.o. concerning software offered in trial versions, business software or educational software, software share shall proceed after the client or user has granted their consent to contact for marketing purposes. The client shall transfer personal data for the marketing purposes in an exchange for cost-free product share of the Sankom Sp. z o.o.’s software and this action shall proceed in accordance with Directive (EU) 2019/770 of the European Parliament and of the Council of 20th May 2019 on certain aspects concerning agreements for the supply of digital content and digital services (so called Directive 2019/770).

3.7 If the client or user does not grant consent to transfer their personal data for the marketing purposes as a required condition of cost-free software share of a trial version, business or educational version of the SANKOM Sp. z o.o.’s software, the client or user has an alternative option to purchase the software at usual market rates with no requirement to transfer personal data for marketing purposes. The above provision refers entirely to the obligation of data share in case of the purchase of software, and does not apply to personal data processed by SANKOM Sp. z o.o. for the requirements of the conclusion of the agreement and execution of the sale, and refers entirely to data processed for the purposes of direct marketing.

  1. INFORMATION CLAUSE FOR JOB APPLICANTS

4.1 The Administrator of personal data processed for the purposes of the recruitments actions is the Company SANKOM Sp. z o.o., seated at ul. J. P. Dziekońskiego 3, 00-728 Warszawa. Please direct your enquiries concerning matters related to personal data processed by the Administrator to addresses detailed in Section 2.2 of this Policy.

4.2 If a CV is transferred to the Administrator containing a wider range of data than detailed in Art. 22 (1) of the Polish Labour Code, this simultaneously constitutes a consent granted to the Administrator to process this data for the purposes of conducting the recruitment action, regardless of the preferred legal basis of the employment. The consent to process this data can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of the data processing based on this consent prior to its withdrawal.

4.3 Personal data acquired within an ongoing recruitment action shall be processed:

  1. for the recruitment action aimed at granting agreement employment: in order to fulfill the legal obligations bound to the recruitment action, in this primarily the regulations of the Polish Labour Code – the legal basis of data processing is the legal obligation incumbent on the Administrator (as in GDPR’s Art. 6 Section 1 (b) and (c), with regard to the regulations of the Polish Labour Code – i.e. Labour Code’s Art. 22 (1)),
  2. for the recruitment action aimed at granting a civil law agreement employment: the legal basis of processing data provided in application documents is undertaking actions prior to concluding the said agreement (as in GDPR’s Art. 6 Section 1 (b)),
  3. for the purposes of conducting future recruitment actions, in this including in the database of applicants, in case of granting consent for processing personal data in this respect and in case of providing personal data in the range wider than assessed in the Labour Code’s Art. 22 (1) par. 1, the legal basis of processing personal data is the applicant’s consent (as in GDPR’s Art. 6 Section 1 (a)),
  4. to establish or pursue possible claims or defend against such claims by the Administrator, the legal basis for processing personal data is the legitimate interest of the Administrator (as in GDPR’s Art. 6 Section 1 (f)).

4.4 The recipients of data are business entities providing recruitment services on behalf of the Administrator and other supporting services, i.e. providers of IT systems and services (e-mail hosting and database systems), postal operators, couriers, law offices – in case of possible litigation.

4.5 Personal data acquired for the purposes of the recruitment action will be processed until the end of this currently ongoing recruitment action and selection of a suitable applicant or applicants by the Administrator, and within the range this data is processed on the basis of the granted consent – until such a consent has been withdrawn, wherein – in case of granting consent to process personal data for the purposes of future recruitment actions – the data shall be processed no longer than for 2 years. The period of processing may become prolonged each time it is required, for the period of limitation of potential claims, if processing personal data is essential to establish or pursue potential claims or defence against such claims by the Administrator.

4.6 The consents referred to in above sections may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of the data processing based on this consent prior to its withdrawal. The Administrator requests execution of potential withdrawals in writing or by e-mails directed at addresses given in Section 2.2 of this Policy.

4.7 In terms of rights originating from GDPR, job applicants are entitled to rights detailed in Section 10 of this Policy.

4.8 Sharing data in the range assessed by the Polish Labour Code’s Art. 22 (1) is obligatory:

  1. for an agreement of employment – by regulations, in this primarily the Polish Labour Code. One consequence of non-sharing personal data is impossibility to include the applicant’s candidacy in the recruitment action,
  2. for a civil law agreement employment – by the Administrator. One consequence of non-sharing personal data is impossibility to include the applicant’s candidacy in the recruitment action.

Sharing other data is voluntary.

4.9 Personal data of job applicants may become a subject to profiling (however no automated decision making is applied) to select optimal applicants to match the requirements of the client – Administrator with regard to: education, capabilities, financial requirements and employment conditions.

  1. INFORMATION CLAUSE FOR PARTICIPANTS OF TRAININGS

5.1 The Administrator of personal data is the Company SANKOM Sp. z o.o., seated at ul. J. P. Dziekońskiego 3, 00-728 Warszawa. Please direct your enquiries concerning matters related to personal data processed by the Administrator to addresses detailed in Section 2.2 of this Policy.

5.2 Personal data shall be processed in order to:

  1. execute an agreement and implement actions required by this agreement with regard to organizing and conducting trainings (GDPR’s Art. 6 Section 1 (b)),
  2. complying with legal obligations, in this tax regulations – for this purpose the legal basis is the legal obligation incumbent on the Administrator (GDPR’s Art. 6 Section 1 (c)),
  3. establish or pursue possible claims or defend against such claims by the Administrator, the legal basis for processing personal data is the legitimate interest of the Administrator (as in GDPR’s Art. 6 Section 1 (f)).
  4. realize marketing actions of the Company’s own products or Administrator’s services (GDPR’s Art. 6 Section 1 (f)) or commercial offer of apps and software Sponsors (GDPR’s Art. 6 Section 1 (a)) – if the consent to this has been granted or data processing is undertaken with regard to the legitimate interest of the Company which is providing information concerning own commercial offer.

5.3 Personal data shall be retained for the period required for realization of the particular purpose which has been granted consent, with systematic assessment of the usefulness of granted consents (for personal data processed on the basis of such granted consents). Data shall be processed for the period of agreement duration, no longer than limitation period for claims (for personal data processed on the basis of a concluded contract). In terms of processing data for the purposes of providing marketing content, this data shall be processed until the granted consent has been withdrawn or a claim has been entered against such processing (for personal data processed on the basis of granted consents or legitimate interest of the Administrator). The period of processing may become prolonged each time it is required, for the period of limitation of potential claims, if processing personal data is essential to establish or pursue potential claims or defence against such claims by the Administrator. After this period the data shall be processed entirely in the range and for the duration required by regulations, in this tax and accounting regulations.

5.4 The recipients of personal data are: selected businesses supporting servicing of marketing campaigns and promotion actions of offers, if the consent has been granted to receive commercial information by e-mail, in this information concerning current commercial offer of the Company and commercial offers of the apps and software Sponsors, providers of IT systems and services (e-mail hosting and database systems), entities providing to the Company services required to implement the concluded agreement, in this providers of legal services, postal operators, couriers, banks servicing payments, apps and software Sponsors, e-learning platforms, marketing agencies contracted with mailing on behalf of the Administrator.

5.5 In terms of the rights arising from GDPR, rights are valid as indicated in Section 10 of this Policy.

5.6 Data subjects have the right to lodge an objection against processing of personal data for the purposes of providing marketing content. With respect to processing personal data for the purposes originating from legitimate interest of the Company, the right can be executed to lodge an objection due to particular circumstances of the data subject.

5.7 In case of processing personal data on the basis of a granted consent – this consent may be withdrawn at any given time. The withdrawal of consent does not affect the lawfulness of the data processing based on this consent prior to its withdrawal. The Administrator requests execution of potential withdrawals in writing or by e-mails.

5.8 Sharing personal data is required for the purposes of execution of trainings, otherwise it is voluntary.

  1. INFORMATION CLAUSE FOR CLIENTS, BUSINESS PARTNERS, CONTRACTORS OR PURCHASERS OF SANKOM’S SOFTWARE

6.1 The Administrator of personal data is the Company SANKOM Sp. z o.o., seated at ul. J. P. Dziekońskiego 3, 00-728 Warszawa. Please direct your enquiries concerning matters related to personal data processed by the Administrator to addresses detailed in Section 2.2 of this Policy.

6.2 Personal data shall be protected and processed for the purposes of:

  1. implementation of agreements whose party is a person whom this data refers to (client or contractor), or to initiate actions requested by such a person whom this data refers to prior to the conclusion of the agreement (as in GDPR’s Art. 6 Section 1 (b)),
  2. marketing of own products or the Administrator’s services (as in GDPR’s Art. 6 Section 1 (f)), or a commercial offer of apps and software Sponsors (as in GDPR’s Art. 6 Section 1 (a)) – if the consent to this has been granted or data processing is undertaken with regard to the legitimate interest of the Company which is providing information concerning own commercial offer. Additionally, e-mailing of any commercial information or phone contact can be only initiated on the basis of a voluntary consent granted by a recipient of such information,
  3. implementation of the Company’s legitimate interest which is establishment or pursuing of possible claims or defence against such claims (where the legal basis of data processing is GDPR’s Art. 6 Section 1 (f)).

6.3 Personal data shall be retained for the period required for realization of the particular purpose which has been granted consent, with systematic assessment of the usefulness of granted consents (for personal data processed on the basis of such granted consents). Data shall be processed for the period of agreement duration, no longer than limitation period for claims (for personal data processed on the basis of a concluded contract). In terms of processing data for the purposes of providing marketing content, this data shall be processed until the granted consent has been withdrawn or a claim has been entered against such processing (for personal data processed on the basis of granted consents or legitimate interest of the Administrator). The period of processing of personal data may become prolonged each time it is required, for the period of limitation of potential claims, if processing personal data is essential to establish or pursue potential claims or defence against such claims by the Administrator. After this period the data shall be processed entirely in the range and for the duration required by regulations, in this tax and accounting regulations.

6.4 The recipients of personal data are: selected businesses supporting servicing of marketing campaigns and promotion actions of offers, if the consent has been granted to receive commercial information by e-mail, in this information concerning current commercial offer of the Company and commercial offers of the apps and software Sponsors, providers of IT systems and services (e-mail hosting and database systems), entities providing to the Company services required to implement the concluded agreement, in this providers of legal services, postal operators, couriers, banks servicing payments, apps and software Sponsors, e-learning platforms, marketing agencies contracted with mailing on behalf of the Administrator, as well as foreign distributors offering in their range the products of SANKOM Sp. z o.o., including companies that process and assist in electronic payments (including PayPro Global).

6.5 In terms of the rights arising from GDPR, rights are valid as indicated in Section 10 of this Policy.

6.6 Data subjects have the right to lodge an objection against processing of personal data for the purposes of providing marketing content. With respect to processing personal data for the purposes originating from legitimate interest of the Company, the right can be executed to lodge an objection due to particular circumstances of the data subject.

6.7 In case of processing personal data on the basis of a granted consent – this consent may be withdrawn at any given time. The withdrawal of consent does not affect the lawfulness of the data processing based on this consent prior to its withdrawal. The Administrator requests execution of potential withdrawals in writing or by e-mails.

6.8 Sharing personal data is required for the purposes of implementation of the agreement concluded with the client.

  1. INFORMATION CLAUSE FOR THE EMPLOYEES OF CLIENTS OR CONTRACTORS, MEMBERS OF THE BOARD OF MANAGERS, ASSOCIATES AND COMMERCIAL PROXIES

7.1 The Administrator of personal data is the Company SANKOM Sp. z o.o., seated at ul. J. P. Dziekońskiego 3, 00-728 Warszawa. Please direct your enquiries concerning matters related to personal data processed by the Administrator to addresses detailed in Section 2.2 of this Policy.

7.2 Personal data has been shared with the Administrator by the Company’s contractor, who is represented by, employs or cooperates with the data subject, optionally this data has been acquired from public registers (e.g. registers of entrepreneurs, court records, the National Court Register of Entrepreneurs KRS, Central Register and Information on Economic Activity CEIDG), with regard to implementing the commercial agreement by the Administrator, which links the Administrator and the business entity or entrepreneur who is represented by, employs or cooperates with the data subject.

The Administrator processes personal data of the following characteristics:

  1. for representatives: name or names and surname, position within represented entities, business post , e-mail address and phone number,
  2. for other persons: name or names and surname, e-mail address, phone number and business post.

7.3 The Administrator shall process personal data when it is required for the purposes originating at legitimate interest executed by the Administrator or any third party – as in GDPR’s Art. 6 Section 1 (f) – which includes – in the Administrator’s view – conclusion and implementation of a commercial agreement linking the Administrator and any entity represented by the data subject, and moreover establishment of, pursuing and defence against claims.

7.4 The recipients of personal data are providers of IT systems and services (e-mail hosting and database systems) to the Company, entities providing to the Company services required to implement the concluded agreement, in this providers of legal services, postal operators, couriers and banks servicing payments.

7.5 In terms of the rights arising from GDPR, rights are valid as indicated in Section 10 of this Policy.

7.6 Data subjects have the right to lodge an objection against processing of personal data for the purposes originating at legitimate interest of the Company, due to particular circumstances of the data subject.

7.7 Sharing personal data is required for the purposes of implementation of the agreement concluded with the client and maintaining contact concerning business matters.

  1. INFORMATION CLAUSE FOR PERSONS UNDERTAKING CONTACT WITH THE ADMINISTRATOR VIA CONTACT FORMS

8.1 The Administrator of personal data is the Company SANKOM Sp. z o.o., seated at ul. J. P. Dziekońskiego 3, 00-728 Warszawa. Please direct your enquiries concerning matters related to personal data processed by the Administrator to addresses detailed in Section 2.2 of this Policy.

8.2 Personal data shall be processed for the purposes of:

  1. handling enquiries and correspondence – i.e. to provide answers to questions, as this constitutes legitimate interest of the Administrator, together with establishment of, pursuing and defence against possible claims by the Administrator (as in GDPR’s Art. 6 Section 1 (f)),
  2. registration for trainings or ordering the Company’s products – i.e. to implement agreements whose party is a person whom this data refers to (client or contractor), or to initiate actions requested by such a person whom this data refers to prior to the conclusion of the agreement (as in GDPR’s Art. 6 Section 1 (b)),

8.3 The recipients of personal data are: selected businesses supporting servicing of marketing campaigns and promotion actions of offers, if the consent has been granted to receive commercial information by e-mail, in this information concerning current commercial offer of the Company and commercial offers of the apps and software Sponsors, providers of IT systems and services (e-mail hosting and database systems), entities providing to the Company services required to implement the concluded agreement, in this providers of legal services, postal operators, couriers, banks servicing payments, apps and software Sponsors, e-learning platforms, marketing agencies contracted with mailing on behalf of the Administrator.

8.4 Data shall be processed for the period of maintaining correspondence and – after it has been concluded – as a rule no longer than limitation period for claims. If personal data has been shared for the purposes of registration to trainings or ordering products, this data is processed for the duration of implementation of the agreement, and when it has been concluded – for the period required to pursue possible claims or limitation of such claims. After this period, the data shall be processed entirely in the range and for the duration required by regulations, in this regulations concerning archiving documentation.

8.5 In terms of the rights arising from GDPR, rights are valid as indicated in Section 10 of this Policy.

8.6 Data subjects have the right to lodge an objection against processing of personal data for the purposes originating at legitimate interest of the Company, due to particular circumstances of the data subject.

8.7 Sharing personal data e.g. via contact forms, e-mails or phone is every time voluntary. In case such a form is structured for the purposes of training registration or ordering a product, acquired data is required to initiate legal implications such as conclusion of this contract.

9. INFORMATION CLAUSE FOR RECIPIENTS OF COMMERCIAL INFORMATION

9.1 The Administrator of personal data is the Company SANKOM Sp. z o.o., seated at ul. J. P. Dziekońskiego 3, 00-728 Warszawa. Please direct your enquiries concerning matters related to personal data processed by the Administrator to addresses detailed in Section 2.2 of this Policy.

9.2 Personal data shall be processed for the purposes of mailing marketing information and commercial information concerning the Company’s offer (as in GDPR’s Art. 6 Section 1 (f)), as well as commercial offers of apps and software Sponsors (on the basis of a granted consent, as in GDPR’s Art. 6 Section 1 (a)), for the purposes of marketing of the Company’s own products or services, or the services of apps and software Sponsors. Providing information concerning commercial offer of the Administrator constitutes the Company’s legitimate interest, while providing information concerning commercial offers of apps and software Sponsors proceeds on the basis of the consent of the recipient of commercial information granted beforehand. Additionally, e-mailing any commercial information or phone contact proceeds on the basis of the consents granted voluntarily by the recipient of such information.

9.3 The recipients of personal data are: selected businesses supporting servicing of marketing campaigns and promotion actions of offers, if the consent has been granted to receive commercial information by e-mail, in this information concerning current commercial offer of the Company and commercial offers of the apps and software Sponsors, providers of IT systems and services (e-mail hosting and database systems), entities providing to the Company services required to implement the concluded agreement, in this providers of legal services, postal operators, couriers, banks servicing payments, apps and software Sponsors or marketing agencies contracted with mailing on behalf of the Administrator.

9.4 Personal data shall be processed until withdrawal of a previously granted consent, and the Administrator shall systematically undertake assessments of the usefulness of such data. The period of processing may become prolonged each time it is required, for the period of limitation of potential claims, if processing personal data is essential to establish or pursue potential claims or defence against such claims by the Administrator.

9.5 Data subjects have the right to lodge an objection against processing of personal data for the purposes of providing marketing content. Moreover, with regard to processing personal data for the purposes originating at legitimate interest of the Company, data subjects are entitled to lodge objections concerning data processing, due to particular circumstances of the data subject.

9.6 In case of processing personal data on the basis of a granted consent – this consent may be withdrawn at any given time. The withdrawal of consent does not affect the lawfulness of the data processing based on this consent prior to its withdrawal. The Administrator requests execution of potential withdrawals in writing or by e-mails.

9.7 In terms of the rights arising from GDPR, rights are valid as indicated in Section 10 of this Policy.

9.8 Profiling: shared personal data is not the subject to profiling, that is automated assessment of particular personal indicators. Filtering is executed for particular clients, basing on such data as location (country, town or city) or variety of purchased software, in order to improve targeting of the current marketing offer of the Company toward interested persons. Basing on the above mentioned filters, information is provided to clients closely matching their preferences.

9.9 Sharing data is voluntary, still necessary for the Company to attempt contact within the purposes detailed in the above Section 9.2.

10. RIGHTS OF DATA SUBJECTS WITH REGARD TO PROTECTION OF PERSONAL DATA

10.1 In case of pursuing rights data subjects have with relation to GDPR, please contact the Company at addresses detailed in Section 2.2 of this Policy – at the e-mail address or via a contact form. Please enclose any required information serving univocal identification of the data subject.

10.2 Data subjects (natural persons) have the following rights:

  1. to access personal data, in this to require obtaining a copy of this data,
  2. to rectify personal data,
  3. to remove personal data (the right to be forgotten),
  4. to restrict the consent to the processing of data,
  5. to transfer data to another administrator, if data processing proceeds on the basis of an agreement (as in GDPR’s Art. 6 Section 1 (b)) or consent (as in GDPR’s Art. 6 Section 1 (a)),
  6. to lodge an objection to process personal data, in this with regard to direct marketing, as in GDPR’s Art. 6 Section 1 (f). Also, the right to lodge an objection with regard to processing personal data for the purposes as in GDPR’s Art. 6 Section 1 (f) due to particular circumstances of the data subject,
  7. to lodge a complaint with a supervising authority dedicated to protection of personal data – President of Personal Data Protection Office (PUODO) (detailed information in Section 10.4 below),
  8. to withdraw consent at any given time. The withdrawal of consent does not affect the lawfulness of the data processing based on this consent prior to its withdrawal. The consents may be withdrawn at any time without affecting the lawfulness of processing.

10.3 To exercise above rights, please contact the Company’s Data Protection Officer at e-mail address: inspektor@sankom.net, optionally via contacting the Company in writing at the address of the data Administrator: SANKOM Sp. z o.o. ul. J. P.Dziekońskiego 3, 00-728 Warszawa (footnote: Data Protection Officer).

10.4 If recognized that processing of personal data is exercised in violation of applicable laws, each data subject has the right to lodge a complaint with a supervising authority. To do this, please contact the administration of the Personal Data Protection Office (UODO) appropriate with regard to the place of residence of the data subject.

Contact data of the Personal Data Protection Office (UODO):

Urząd Ochrony Danych Osobowych

Stawki 2, 00-193 Warszawa

kancelaria@uodo.gov.pl