I The Preamble
- What personal data are and what is the processing of personal data;
- Who controls your personal data;
- What are the principles for our processing of your personal data'
- For what purposes and based on which legal grounds we use your personal data;
- Who do we share your personal data with;
- How do we secure your personal data;
- How long do we process your personal data;
- What rights are granted to you in relation to processing of your personal data;
- What are cookies and other technologies related to the functioning of our website.
Detailed information about the processing of personal data are provided by us actively in information notes which are delivered by us to any persons when we collect their personal data and by making them also available on our website.
II Personal data and processing of personal data
Personal data are any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, storing, adapting, changing, disclosing or erasing of data.
III Controlling of personal data
The controller of your personal data is Mr. Adam Śledzikowski, conducting business as “Adam Śledzikowski MERIXSTUDIO” with his registered office at Małachowskiego 10 in Poznań, holder of VAT-EU number: PL7772427860 (referred to in this document as “Merixstudio”). Pursuant to the relevant agreement concluded with Merixstudio, GoDealla sp. z o. o. (limited liability company with headquarters in Poznań at Małachowskiego 10, 61-129 Poznań, entered into the Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto i Wilda w Poznaniu, 8th Commercial Department of the National Court Register under KRS (NCR) number: 0000406039, VAT-EU number: PL7831685435) is the joint controller of your personal data. The basic content of arrangements between joint controllers is available for the Users under the following link: https://www.merixstudio.com/pages/joint-controlling-personal-data/
IV Principles for the processing of personal data
As part of the processing of your personal data, we take a due care to ensure that these data are processed in a legal, reliable, transparent and secure manner.
Below you can find the most significant principles which we follow while processing your personal data:
- what are cookies and other technologies related to the functioning of our website.
- we collect personal data only to a minimum extent, necessary to achieve the purposes for which they are collected.
- we process personal data only based on the valid legal ground.
- we care about the validity and correctness of your personal data and we respond promptly to any applications submitted to us regarding rectification or update of personal data.
- we limit the storage of personal data only to the period necessary to achieve the purposes for which they are collected, unless there are events that may extend the period of data storage (such as a change in the law ordering extension of the data storage period or legal dispute with a person whose data we process).
- we execute your right to: access your personal data, correct them, delete personal data, withdraw consent for the processing of personal data, restrict processing, transfer data, object to data processing and not to make any decisions regarding you based solely on automated data processing, including profiling.
- we protect your personal data against unauthorized access, as well as against accidental or unlawful loss, damage or alteration of personal data.
- if your data is shared with other processors, it is done in a safe manner and secured by an appropriate agreement on entrusting of personal data, in accordance with applicable law.
V Purposes and legal grounds for the processing of personal data
We process your personal data for specific purposes and based on a specific legal basis. Due to the fact that the purposes and grounds for the processing of your personal data may vary depending on the relationship between us, we indicate these purposes and grounds by exercising the information obligation referred to in Article 13 or 14 of GDPR. Most often, however, the processing of your personal data will take place for one or some of the following purposes:
- in case you are our potential customer - to conclude a contract; in this case, the legal basis for the processing of your personal data will be taking action at your request before the conclusion of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are our client - in order to implement the concluded contract, in this case, the legal basis for the processing of your personal data will be the performance of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are an employee, co-worker or representative of our client or potential client – in order to conclude or perform the contract; in this case, the legal basis for the processing of your personal data will be the legitimate interest pursued by us [art. 6 par. 1 pt. f) of GDPR];
- in case you are a recipient of our marketing campaigns – in order to implement marketing activities; in this case, the legal basis for the processing of your personal data will be the legitimate interest pursued by us [art. 6 par. 1 pt. f) of GDPR];
- in case you are a subscriber of our newsletter – in order to send the newsletter to you; in this case, the legal basis for the processing of your personal data will be your consent [art. 6 par. 1 pt. a) of GDPR];
- in case you contact us through our contact form in matters unrelated to conclusion or execution of the contract – to handle queries and requests addressed to us; in this case, the legal basis for the processing of your personal data will be your consent [art. 6 par. 1 pt. a) of GDPR];
- in case you are a candidate wanting to work for us – for the recruitment of employees; in this case, the legal basis for the processing of personal data will be our legal obligation [art. 6 par. 1 pt. c) of GDPR in concjunction with art. 221 §1 of Labor Code], and in case you decide to disclose additional information not indicated in art. 221 §1 of Labor Code or you agree to take part in the future recruitment process the ground for the processing of your personal data will be your consent [art. 6 par. 1 pt. a) of GDPR];
- in case you are a participant or a speaker at workshops, trainings, conferences and industry events organized or co-organized by us – in order to provide you with the opportunity to participate in an event organized or co-organized by us; in this case, the legal basis for the processing of your personal data will be taking action at your request before the conclusion of the contract and the performance of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are a participant of competitions organized by us – in order to promote our services and allow your participation in the contest; in this case, the legal basis for the processing of your personal data will be taking action at your request before the conclusion of the contract and the performance of the contract [art. 6 par. 1 pt. b) of GDPR];
- in case you are a reader of our blog – in order to write a blog and allow you to place your entries there; in this case, the legal basis for the processing of your personal data will be your consent [art. 6 par. 1 pt. a) of GDPR].
Irrespective of the above list illustrating the most common grounds for personal data processing, there will generally be more than one legal basis for the processing of your data – detailed information can be found by you in the information note corresponding to the relations that bind you to us.
The personal data that we process may include identification data, e.g. name, contact details (such as phone number, email address), location data, data regarding orders and complaints placed by you. Each time we define and process only the necessary data. Depending on the specific situation, the personal data you provide may be voluntary or mandatory.
While using our website you remain anonymous until you decide to disclose your data – eg. by sending a request via the contact form, subscribing to our newsletter or placing a comment on our blog.
VI Withdrawal of consent
Withdrawal of consent does not entail any negative consequences. You should be aware, however, that withdrawal of consent may entail the inability to use such services as, for example: receiving a newsletter, receiving invitations to events or services provided by us commercially.
The withdrawal of consent does not affect the lawfulness of your personal data processing, which was made on the basis of this consent prior to its withdrawal.
After receiving a statement of withdrawal of consent to the processing of your personal data, we will cease to process your personal data, however, that further processing of your personal data will be still possible for other purposes (e.g. contract performance, evidence demonstration, claim enforcement) – based on another valid legal basis, indicated in particular in Articles 6 and 9 of GDPR.
VII Sharing of personal data with other recipients
Your personal data may be shared by us with various recipients – depending on the type of our relationship and purposes for the processing of your personal data. The most frequent recipients of your personal data may be in particular:
- Hosting service providers (including cloud-computing services);
- E-mail service providers;
- Courier and mail service providers;
- Newsletter service providers;
- Accountancy service providers.
Your personal data will be transferred outside the European Economic Area only when it is necessary and only on the legal basis determined by the provisions of the GDPR. With consideration to the aforementioned limitation, personal data may be transferred to third countries (e.g. to the USA) in connection with:
- Conducting the electronic correspondence and analysis of the website statistics – in this case, Google LLC incorporated in the USA, as a subcontractor of our partner - Google Ireland Ltd., as well as the subsidiaries and subcontractors of Google LLC, may be the recipients of the data;
- Newsletter sending - The Rocket Science Group LLC incorporated in USA (owner of the MailChimp mailing system) may be the recipient of the data;
- Adaptation of links on websites and collecting information such as quantity, location, and source of entries – Bitly, Inc. incorporated in the USA may be the recipient of the data.
The above-mentioned recipients of personal data in the USA have joined the Privacy Shield program established by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of protection provided by the EU-US Privacy Shield and ensure an adequate level of protection of personal data. With regard to its subcontractors, Google LLC applies security measures consistent with the GDPR to ensure that the processing of personal data is secure and compliant with EU law. For more information about the processing of personal data by Google Ireland Ltd. and Google LLC, please visit the following address: https://policies.google.com/privacy.
The list of entities participating in the "Privacy Shield" program can be found under the following link: https://www.privacyshield.gov/participant_search, while the main assumptions of this program can be found here: https://www.privacyshield.gov/Program-Overview.
VIII Security of personal data
We apply technical and organizational measures to protect personal data against illegal or unauthorized access or use, as well as against accidental destruction, loss or violation of their integrity.
As part of ensuring the security of the personal data being processed, we include:
- Confidentiality of personal data – we ensure that your personal information is not accidentally disclosed to unauthorized persons;
- The integrity of personal data – we protect your personal data against unauthorized modification;
- Accessibility of personal data – we provide anyone entitled with access to your personal data if necessary.
Every employee or associate of Merixstudio who has access to personal data is properly authorized and obliged to keep confidentiality of processed personal data.
IX Data storage
We store your personal data for the period necessary to achieve the goals which are described in detail in your information note.
The period of storage of your personal data is determined in strict compliance with applicable law. In order to determine the period of personal data processing, we keep a register of personal data processing activities pursuant to art. 30 clauses 1 of GDPR.
You are entitled at any time to obtain information on the storage time of your personal data.
X Your rights related to the processing of personal data
We implement the rights related to the processing of your personal data, which are defined in Articles 15-22 of GDPR.
Due to the processing of your personal data, you have the following rights:
- The right to withdraw your consent on the processing of personal data at any time;
- The right to access your personal data and receive their copies;
- The right to rectify outdated or incorrect personal data;
- The right to supplement incomplete personal data;
- The right to erase your personal data;
- The right to restrict the processing of your personal data;
- The right to information about recipients of personal data subject to correction, deletion or restriction of processing of data revealed to such recipients;
- The right to transfer of your personal data;
- The right to object to the processing of your personal data;
- The right to not be a subject to decisions based solely on the automated processing of personal data, including profiling;
- The right to lodge a complaint regarding the processing of your personal data with a competent supervisory authority (the President of the Persona Data Protection Office).
Any correspondence regarding matters related to the processing of your personal data should be sent to Merixstudio address indicated in Chapter 3 above with the postscript "Personal data" or to our e-mail address: firstname.lastname@example.org.
Your applications will be examined without undue delay, however not later than within one month after their receipt. This deadline may be extended due to the complexity of the request or the number of requests, for a maximum of two more months, about which you will be informed within one month of submitting your application.
Your personal data is not profiled by us, nor is it subject to any other form of automated processing that results in making decisions that have legal or any other material effect on you.
XI Cookies, server logs, and other technologies
We use cookie files (cookies), which are small text files, stored on your end device (e.g. computer, tablet, smartphone). Cookies can be read by our data communication systems.
We store cookies on your end device, and then we gain access to the information contained therein for statistical purposes, marketing purposes (remarketing) and to ensure the correct operation of our website, as well as its improvement and development.
You have the option of configuring your web browser so it prevents the storage of cookies on the end device used by you. In such a situation your use of our website may be impeded. Information on disabling cookie files can be easily found by typing the following search term: "[browser name] blocking cookies" in the search box in the web browser.
Cookie files may be deleted by you after they have been saved by us, through appropriate functions of the web browser, programs used for this purpose or using appropriate tools available as part of the operating system used by you.
- The use of our website involves sending queries to the server on which our website is stored.
- Each query addressed to the server is saved in the server logs. Logs include your IP address, date and time of sending the query to the server, information about the web browser and operating system used by you.
- Logs are saved and stored on the server.
- The data stored in the server logs are not associated with you specifically and are not used by us to identify you.
- The server logs are only auxiliary material used to administer our website, and their content is not disclosed to anyone except those authorized to administer the server.
We use the following technologies to track your activities within our website:
- Google Analytics tracking code - to analyze website statistics;
- heat maps that represent your navigation on our website, and so the statistics of use of our website;
- collecting information such as the number of clicks on the link, location and source of the click (e.g. Facebook, e-mail, etc.) through the application provided by bitly.com;
- Facebook conversion pixel - to manage Facebook ads and run remarketing activities.