1. PERSONAL DATA CONTROLLER
1.1. The Controller of personal data of Users is Way2Champ spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Stary Sącz, ul. Magazynowa 1, 33-340 Stary Sącz, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000750352, Tax Identification Number NIP: 7343564059, National Business Registry Number REGON: 38139253600000.
1.2. A personal data subject may contact the Service Provider as the personal data controller by sending a message to the e-mail address: firstname.lastname@example.org.
2. DATA PROCESSING METHOD
2.1. The purpose and scope of processed personal data are determined by the scope of consents and data provided by a data subject in the registration, contact or other form. The processing of personal data handled by the Service Provider may concern in particular: first and last name, correspondence address, details referring to a pursued business activity, image, e-mail address, phone number, computer IP address, identifiers of social media channels, data collected by Google Analytics and Facebook Pixel and other data voluntarily provided by the relevant person.
2.2. Providing personal data is voluntary, but failure to provide the personal data marked in the form (in particular in the Account registration form) as obligatory will prevent use of all functionalities of the Website. Due to the nature of actions taken up by the Service Provider, they cannot be provided anonymously.
2.3. Personal data of Users will be processed for the following purposes:
|purpose||scope||legal basis||processing period|
|providing access to the Website||IP address||Article 6.1.(b) of the GDPR – processing is necessary for performance of the Agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to conclusion of the Agreement||until lapse of the period of limitation of claims connected with making the Website functionalities available to the data subject|
|enabling use of the functionalities offered by the Website||IP address, e-mail address, phone number||Article 6.1.(b) of the GDPR – as above||until lapse of the period of limitation of claims connected with making the Website functionalities available to the data subject|
|registering in Way2Champ, setting up the Account, providing the possibility of logging in to the Account||IP address, e-mail address, first and last name||Article 6.1.(b) of the GDPR – as above||until lapse of the period of limitation of claims connected with making the Website functionalities available to the data subject in the scope of the possibility to log in|
|contact via e-mail with data subjects, responding to e-mail messages||e-mail address, first and last name, other data provided voluntarily in the form or an e-mail message||Article 6.1.(f) of the GDPR – legitimate interest of the Service Provider as the controller which consists in responding to queries and correspondence provided directly by data subjects||until correspondence ends or the data subject objects|
|contact via phone with data subjects||phone number, first and last name, other data provided voluntarily during a call||Article 6.1.(f) of the GDPR – legitimate interest of the Service Provider as the controller which consists in responding to queries and correspondence provided directly by data subjects||until the call ends or the data subject objects|
|contact by means of the contact form||e-mail address, first and last name, other data provided voluntarily in the contact form||Article 6.1.(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects||until correspondence ends or the data subject objects|
|issuing accounting documents, keeping books of account||first and last name, address for service, bank account number, details referring to a pursued business activity||Article 6.1.(c) of the GDPR – implementation of legal provisions||for the term for which accounting documents have to be kept as prescribed by legal provisions|
|analysing traffic on the Website||IP address, Cookie files||Article 6.1.(a) of the GDPR – consent given by the data subject||until data cease to be useful or the data subject withdraws the consent|
|co-operation with third persons, including coaches||first and last name, details concerning a pursued business activity, e-mail address, phone number||Article 6.1.(b) of the GDPR – processing is necessary for performance of an agreement to which the data subject is a party, or undertaking actions upon request of the data subject prior to conclusion of the agreement||until lapse of the period of limitation of claims resulting from agreements referring to the co-operation|
|concluding and performing Sales Agreements||first and last name, e-mail address, bank account number, address for service, Tax Identification Number NIP, company name, place of business||Article 6.1(b) of the GDPR – statutory authorisation to process data necessary to perform an agreement||until lapse of the period of limitation of claims resulting from the Sales Agreement|
|processing complaints and returns||first and last name, e-mail address, bank account number, address for service, Tax Identification Number NIP, company name, place of business||Article 6.1.(f) of the GDPR – legitimate interest of the Service Provider which consists in considering complaints and other claims of the Users||until data cease to be useful or the data subject objects|
|sending Newsletter||e-mail address||Article 6.1(b) of the GDPR – statutory authorisation to process data necessary to perform an agreement or undertaking actions upon request of the data subject prior to conclusion of an agreement||until data cease to be useful or dissolution of the agreement whose subject matter covers sending Newsletter|
2.4. If the Service Provider is advised that the relevant person uses the services provided by the Service Provider or the Website functionalities in violation of applicable legal provisions, then the Service Provider may process User’s personal data in a scope required for establishing his/her liability.
2.5. Transferring Users’ personal data to third parties, in particular to the USA, will be governed by model contractual clauses, where both the Service Provider and its counterparties undertake to ensure appropriate level of security of Users’ personal data. Prior to signing model contractual clauses, the Service Provider verifies each of its counterparties which would have access to Users’ personal data and assesses whether the country to which Users’ personal data would be transferred enables enforcement of rights and provides the Users with effective legal remedies.
2.6. If the European Commission issues a decision in which it determines whether the relevant third country ensures the appropriate level of protection of personal data, then transferring Users’ personal data to such country may also proceed on the basis of such decision.
2.7. Where it is not possible to apply model contractual clauses and there is no decision of the European Commission, Users’ personal data will be transferred only in special cases understood as the necessity to perform the agreement concluded between the User and the Service Provider or implementation of pre-contractual measures. Also in such case the Service Provider carries out thorough verification of each of its counterparties which would have access to Users’ personal data so as to ensure their maximum security.
2.8. In each case where Users’ personal data are transferred to a third country, the User is authorised to obtain a copy of such data.
3. RECIPIENTS OF DATA
3.1. The Service Provider may entrust the processing of Users’ personal data to third parties for the purpose of performance of the activities stated in the Terms of Service. The recipients of User’s data may involve in particular: providers of IOT services, provider of hosting for the Website, e-mail operator, software development company, provider of the CRM software, provider of the service connected with sending e-mails, accounting firm, law firm, entities providing cloud and other solutions used by the Service Provider in its current operations which involve personal data processing.
3.2. Personal data collected by the Service Provider may also be disclosed to competent state bodies or institutions (law enforcement authorities, courts, security service) authorised to gain access to them on the basis of the respective generally applicable legal provisions, or other persons and entities – in the cases prescribed by the generally applicable legal provisions.
3.3. Each entity to which the Service Provider transfers personal data for processing on the basis of a personal data transfer agreement (“Data Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. An entity processing personal data on the basis of the Transfer Agreement may process personal data through another entity only upon prior written consent of the Service Provider.
4. RIGHTS OF DATA SUBJECTS
4.1. Each data subject has the right to: (a) delete the collected personal data referring to him/her both from the system belonging to the Service Provider as well as from bases of entities which have co-operated with the Service Provider, (b) restrict the processing of data, (c) portability of the personal data collected by the Service Provider and referring to the relevant person, in this to receive them in a structured form, (d) request the Service Provider to enable him/her access to his/her personal data and to rectify them, (e) object to personal data processing, (f) withdraw the consent towards the Service Provider at any time without affecting the legality of the personal data processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about the Service Provider to the supervisory authority (President of the Personal Data Protection Office).
5. OTHER DATA
5.1. The Service Provider may store http enquiries, therefore the files containing web server logs may store certain data related to Users, including the IP address of the computer sending the enquiry, the name of User’s station – identification through http protocol, date and system time of registration on the Website and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the User before (if the User has entered the Website through a link), information concerning User’s browser, information concerning errors occurred by realization of the http transaction. Web server logs may be collected for the purposes of proper administration of Way2Champ. Only persons authorised to administer the IT system have access to the data referred to above. Files containing web server logs may be analysed for the purposes of preparing statistics concerning traffic on the Website and occurring errors. Summary of such details does not identify the User.
5.2. The Service Provider may use analytics tools of Google Analytics as part of which it has access to anonymised information on Users, including: information on the operating system and Internet browser used by the User, time spent on the Website, User’s age range, User’s gender, User’s approximate location, User’s interests determined on the basis of his/her activity in the Internet. The details referred to in the preceding sentence are not combined with Users’ personal data and do not enable their identification and are not personal data within the meaning of the GDPR.
5.3. The Service Provider may also use the marketing tools of Facebook Pixel, as part of which it has also access to anonymised information concerning Users. The details referred to in the preceding sentences are not combined with Users’ personal data and do not enable their identification and are not personal data within the meaning of the GDPR.
6.1. The Service Provider takes care of security of Users’ personal data. For this purpose the Service Provider has implemented appropriate safeguards and means of protection of personal data taking into account risks connected with the process of personal data processing. In particular, the Service Provider applies technological and organisational means in order to secure personal data against being disclosed to unauthorised persons, taken over by an unauthorised person, changed, lost, damaged or destroyed, as well as processed in violation of the GDPR by using, among other things, SSL certificates. The compilation of personal data collected by the Service Provider is stored on secured servers, moreover, personal data are also secured by internal procedures of the Service Provider related to the processing of personal data and information security policy.
6.2. Irrespective of the foregoing, the Service Provider states that using the Internet and services provided by electronic means may pose a threat of malware breaking into the teleinformatic system and device of the relevant person, as well as a third party gaining access to data, including personal data. In order to minimise such threats, each person should use appropriate technical safeguards (antivirus programs) or programs securing identification in the Internet.
7.1. For the purposes of correct operation of the Website and the functionalities offered by the Service Provider, the Service Provider uses cookie files (“Cookies”). Cookies are text information recorded on User’s device (computer tablet, smartphone) which may be read by the teleinformatic system of the Store or third parties.
7.2. The Service Provider uses two types of Cookies: (a) session cookies, which are permanently deleted upon closing the session of User’s browser; (b) permanent cookies, which remain on User’s device after closing the session until they are deleted.
7.3. It is not possible to determine the identity of the User or otherwise identify the User on the basis of Cookie files, whether session or permanent. Cookies prevent collection of any personal data.
7.4. Files generated directly by the Service Provider may not be read by other websites. Third-party Cookies (i.e. Cookies provided by entities co-operating with the Service Provider) may be read by an external server.
7.5. The user may individually change the Cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service on the Website.
7.6. The user may individually disable storing Cookies on his/her device at any time in accordance with the instructions of the Internet browser producer, but this may disable certain parts of or the entire operation of the Way2Champ functionalities.
7.7. The user may individually remove Cookies stored on his/her device at any time in accordance with the instructions of the Internet browser producer.
7.8. The Service Provider uses own Cookies for the following purposes: authentication of the User on the Website and maintaining User’s session; configuration of the Website and adjustment of its content to the preferences or conduct of the User; analysis and research of views, including click number and path taken by the User on Way2Champ to improve its appearance and organisation of content, time spent on the Website, number of Users and frequency of visits on the Website.
7.9. The Service Provider uses Third-party Cookies for the following purposes:
|Tool:||Purpose of storing:|
|Google Analytics||files are used for collecting information on the manner in which visitors use Way2Champ. Such information is used for analysing aggregated data and improving the Website on this basis|
|Facebook Pixel||a tool used for measuring effectiveness of ads displayed on Facebook on the basis of analysis of actions taken by the Users.|
|GetResponse||a tool using cookie files to collect information related to Users’ conduct on websites for analytical purposes|
7.10. Details concerning Cookie support are available in the settings of the browser used by the User.
8. FINAL PROVISIONS