I The Preamble
- What personal data are and what is the processing of personal data;
- Who controls your personal data;
- What are the principles for our processing of your personal data'
- For what purposes and based on which legal grounds we use your personal data;
- Who do we share your personal data with;
- How do we secure your personal data;
- How long do we process your personal data;
- What rights are granted to you in relation to processing of your personal data;
- What are cookies and other technologies related to the functioning of our website.
Detailed information about the processing of personal data are provided by us actively in information notes which are delivered by us to any persons when we collect their personal data and by making them also available on our website.
II Personal data and processing of personal data
Personal data are any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, such as, inter alia, collection, recording, storing, adapting, changing, disclosing or erasing of data.
III Controlling of personal data
The controller of your personal data is the company MERIXSTUDIO Sp. z o.o. (i.e. limited company) with headquarters in Poznań (61-129) at. Małachowskiego 10, entered into the register of entrepreneurs of National Court Register maintained by District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division under the number 0000938427, holding the numbers TAX-EU: 7822905423 and REGON: 520724706, with a share capital of 200.000,00 PLN (referred to in this document as “Merixstudio”).
We also have profiles on Facebook, LinkedIn, Twitter, Instagram, Dribble and Behance, therefore we process the personal data of people who visit our profile on these social media.
- Facebook: https://www.facebook.com/privacy/explanation;
- Twitter: https://twitter.com/en/privacy;
- Dribble: https://dribbble.com/privacy;
- Behance: https://www.adobe.com/privacy.html.
Social media plugins can collect and transfer information to social media administrators even when you visit our Website without logging in to your account on a given social network. If you are logged in to your account on a social networking site, a given administrator of this social networking site may associate your visit to our Website with your profile on a given social networking site. If you do not want this, log out of your account on the given social network before visiting our Website.
On our social media profiles, there may be partial co-administration within the meaning of Art. 26 sec. 1 GDPR with your personal data between Merixstudio and social media administrators. Detailed rules of responsibility for the processing of personal data can be found in individual privacy policies of social media. In matters where social media administrators give us the opportunity, Merixstudio takes all steps to ensure that the processing is in accordance with the provisions on the protection of personal data.
In case of Facebook, the essence of the arrangements between the joint controllers – us and Facebook – is available on that portal owner website at the following address https://www.facebook.com/legal/controller_addendum (the information on the principles for the processing of personal data you can also find at this link https://www.facebook.com/legal/terms/page_controller_addendum).
IV Principles for the processing of personal data
As part of the processing of your personal data, we take due care to ensure that these data are processed in a legal, reliable, transparent and secure manner.
Below you can find the most significant principles which we follow while processing your personal data:
- what are cookies and other technologies related to the functioning of our website.
- we collect personal data only to a minimum extent, necessary to achieve the purposes for which they are collected.
- we process personal data only based on the valid legal ground.
- we care about the validity and correctness of your personal data and we respond promptly to any applications submitted to us regarding rectification or update of personal data.
- we limit the storage of personal data only to the period necessary to achieve the purposes for which they are collected, unless there are events that may extend the period of data storage (such as a change in the law ordering extension of the data storage period or legal dispute with a person whose data we process).
- we execute your right to: access your personal data, correct them, delete personal data, withdraw consent for the processing of personal data, restrict processing, transfer data, object to data processing and not to make any decisions regarding you based solely on automated data processing, including profiling.
- we protect your personal data against unauthorized access, as well as against accidental or unlawful loss, damage or alteration of personal data.
- if your data is shared with other processors, it is done in a safe manner and secured by an appropriate agreement on entrusting of personal data, in accordance with applicable law.
V Purposes and legal grounds for the processing of personal data
We process your personal data for specific purposes and based on a specific legal basis. Due to the fact that the purposes and grounds for the processing of your personal data may vary depending on the relationship between us, we indicate these purposes and grounds by exercising the information obligation referred to in Article 13 or 14 of GDPR. Most often, however, the processing of your personal data will take place for one or some of the following purposes:
- in case you are our potential customer - to conclude a contract; in this case, the legal basis for the processing of your personal data will be taking action at your request before the conclusion of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are our client - in order to implement the concluded contract, in this case, the legal basis for the processing of your personal data will be the performance of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are an employee, co-worker or representative of our client or potential client – in order to conclude or perform the contract; in this case, the legal basis for the processing of your personal data will be the legitimate interest pursued by us [art. 6 par. 1 pt. f) of GDPR];
- in case you are a recipient of our marketing campaigns, within direct marketing of our products or services – in order to implement such marketing activities; in this case, the legal basis for the processing of your personal data will be the legitimate interest pursued by us [art. 6 par. 1 pt. f) of GDPR];
- in case you gave separate consent for our marketing contact with you by e-mail or phone – in order to implement that contact by us via your e-mail address or your phone number
– depending on which of these data you provide to us for this purpose; in this case, your consent will be the legal basis [art. 6 par. 1 pt. a) of GDPR];
- in case you are a subscriber of our newsletter – in order to send the newsletter to you; in this case, the legal basis for the processing of your personal data will be the performance of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you contact us through our contact form in matters unrelated to conclusion or execution of the contract – to handle queries and requests addressed to us; in this case, the legal basis for the processing of your personal data will be your consent [art. 6 par. 1 pt. a) of GDPR];
- in case you are a candidate wanting to work for us – in order to conduct the recruitment process for the position you are applying to ; in this case, the legal basis for the processing of personal data will be our legal obligation [art. 6 par. 1 pt. c) of GDPR in conjunction with art. 221 §1 of Labor Code], and in case you decide to disclose additional information not indicated in art. 221 §1 of Labor Code or you agree to take part in the future recruitment process the ground for the processing of your personal data will be your consent [art. 6 par. 1 pt. a) of GDPR];
- in case you are a participant or a speaker at workshops, trainings, conferences and industry events organized or co-organized by us – in order to provide you with the opportunity to participate in an event organized or co-organized by us; in this case, the legal basis for the processing of your personal data will be taking action at your request before the conclusion of the contract and the performance of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are a participant of competitions organized by us – in order to promote our services and allow your participation in the contest; in this case, the legal basis for the processing of your personal data will be taking action at your request before the conclusion of the contract and the performance of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are a reader of our blog – in order to write a blog and allow you to place your entries there; in this case, the legal basis for the processing of your personal data will be your consent [art. 6 par. 1 pt. a) of GDPR];
- in case you visit our fanpage on Facebook or use Facebook Page Plugin on our website – in order to run our fanpage on Facebook effectively and enable you to interact with us through this fanpage by presenting you information about our efforts and other our activities that we take and in connection with the promotion of various types of events, services and products, and also to promote our website on social media – in this case, the legal basis for the processing of your personal date will be the legitimate interest pursued by us [art. 6 par. 1 pt. f) of GDPR].
Irrespective of the above list illustrating the most common grounds for personal data processing, there will generally be more than one legal basis for the processing of your data – detailed information can be found by you in the information note corresponding to the relations that bind you to us.
The personal data that we process may include identification data, e.g. name, contact details (such as phone number, email address), location data, data regarding orders and complaints placed by you. Each time we define and process only the necessary data. Depending on the specific situation, the personal data you provide may be voluntary or mandatory.
While using our website you remain anonymous until you decide to disclose your data – eg. by sending a request via the contact form, subscribing to our newsletter or placing a comment on our blog.
VI Withdrawal of consent
Withdrawal of consent does not entail any negative consequences. You should be aware, however, that withdrawal of consent may entail the inability to use such services as, for example: receiving invitations to events or services provided by us commercially.
The withdrawal of consent does not affect the lawfulness of your personal data processing, which was made on the basis of this consent prior to its withdrawal.
After receiving a statement of withdrawal of consent to the processing of your personal data, we will cease to process your personal data, however, that further processing of your personal data will be still possible for other purposes (e.g. contract performance, evidence demonstration, claim enforcement) – based on another valid legal basis, indicated in particular in Articles 6 and 9 of GDPR.
VII Sharing of personal data with other recipients
Your personal data may be shared by us with various recipients – depending on the type of our relationship and purposes for the processing of your personal data. The most frequent recipients of your personal data may be in particular:
- Hosting service providers (including cloud-computing services);
- E-mail service providers;
- Social networking owners;
- Courier and mail service providers;
- Newsletter service providers;
- Accountancy service providers.
Your personal data will be transferred outside the European Economic Area only when it is necessary and only on the legal basis determined by the provisions of the GDPR. With consideration to the aforementioned limitation, personal data may be transferred to third countries (e.g. to the USA) in connection with:
- Conducting the electronic correspondence and analysis of the website statistics – in this case, Google LLC incorporated in the USA, as well as the subsidiaries and subcontractors of Google LLC which have the registered office in the USA (since Google Ireland Ltd company related to the above-mentioned entities is our partner), may be the recipients of the data;
- Your visits to our fanpage on Facebook or using social plugin on our website the joint controller of your personal data is seated in Ireland Metaplatforms Ireland Limited company, which in specific cases may transfer the certain scope of your personal data to its related companies which have registered office in the USA (in particular Meta Platforms Inc.);
- Adaptation of links on websites and collecting information such as quantity, location, and source of entries – Bitly, Inc. incorporated in the USA may be the recipient of the data.
The legal basis for transferring your personal data to Google LLC company and its related companies, as well as the legal mechanism that secure that transfer are Standard Contractual Clauses adopted by European Commission). For more information about the processing of personal data by Google Ireland Ltd. and Google LLC, please visit the following address: https://policies.google.com/privacy.
VIII Security of personal data
We apply technical and organizational measures to protect personal data against illegal or unauthorized access or use, as well as against accidental destruction, loss or violation of their integrity.
As part of ensuring the security of the personal data being processed, we include:
- Confidentiality of personal data – we ensure that your personal information is not accidentally disclosed to unauthorized persons;
- The integrity of personal data – we protect your personal data against unauthorized modification;
- Accessibility of personal data – we provide anyone entitled with access to your personal data if necessary.
Every employee or associate of Merixstudio who has access to personal data is properly authorized and obliged to keep confidentiality of processed personal data.
IX Data storage
We store your personal data for the period necessary to achieve the goals which are described in detail in your information note.
The period of storage of your personal data is determined in strict compliance with applicable law. In order to determine the period of personal data processing, we keep a register of personal data processing activities pursuant to art. 30 clauses 1 of GDPR.
You are entitled at any time to obtain information on the storage time of your personal data.
X Your rights related to the processing of personal data
We implement the rights related to the processing of your personal data, which are defined in Articles 15-22 of GDPR.
Due to the processing of your personal data, you have the following rights:
- The right to withdraw your consent on the processing of personal data at any time;
- The right to access your personal data and receive their copies;
- The right to rectify outdated or incorrect personal data;
- The right to supplement incomplete personal data;
- The right to erase your personal data;
- The right to restrict the processing of your personal data;
- The right to information about recipients of personal data subject to correction, deletion or restriction of processing of data revealed to such recipients;
- The right to transfer of your personal data to another controller;
- The right to object to the processing of your personal data;
- The right to not be a subject to decisions based solely on the automated processing of personal data, including profiling.
Any correspondence regarding matters related to the processing of your personal data should be sent to Merixstudio address indicated in Chapter 3 above with the postscript "Personal data" or to our e-mail address: firstname.lastname@example.org. By contacting us also in this above-mentioned way you can exercise your rights referred to above.
Your applications will be examined without undue delay, however not later than within one month after their receipt. This deadline may be extended due to the complexity of the request or the number of requests, for a maximum of two more months, about which you will be informed within one month of submitting your application.
Your personal data is not profiled by us, nor is it subject to any other form of automated processing that results in making decisions that have legal or any other material effect on you.
If you decide that the processing of your personal data violates provisions on the protection of personal data, you have right to lodge a complaint with a supervisory authority, which is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa).
XI Cookies, server logs, and other technologies
We store cookies on your end device, and then we gain access to the information contained therein for statistical purposes, marketing purposes (remarketing) and to ensure the correct operation of our website, as well as its improvement and development.
You have the option of configuring your web browser so it prevents the storage of cookies on the end device used by you. In such a situation your use of our website may be impeded. Information on disabling cookie files can be easily found by typing the following search term: "[browser name] blocking cookies" in the search box in the web browser.
Cookie files may be deleted by you after they have been saved by us, through appropriate functions of the web browser, programs used for this purpose or using appropriate tools available as part of the operating system used by you.
- The use of our website involves sending queries to the server on which our website is stored.
- Each query addressed to the server is saved in the server logs. Logs include your IP address, date and time of sending the query to the server, information about the web browser and operating system used by you.
- Logs are saved and stored on the server.
- The data stored in the server logs are not associated with you specifically and are not used by us to identify you.
- The server logs are only auxiliary material used to administer our website, and their content is not disclosed to anyone except those authorized to administer the server.
We use the following technologies to track your activities within our website:
- Google Analytics tracking code - to analyze website statistics;
- heat maps that represent your navigation on our website, and so the statistics of use of our website;
- collecting information such as the number of clicks on the link, location and source of the click (e.g. Facebook, e-mail, etc.) through the application provided by bitly.com;
- Facebook conversion pixel - to manage Facebook ads and run remarketing activities.