Private Policy
Personal data at Asseco Data Systems S.A. is processed on the basis of applicable laws, in particular the European Parliament and the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (hereinafter: "RODO") and the Law of May 10, 2018 on the Protection of Personal Data (hereinafter: "the Law").
This Privacy Policy sets out the rules for the processing of personal data in Asseco Data Systems S.A., as well as the rules for the processing of data in the Websites operated by Asseco Data Systems S.A.
PERSONAL DATA CONTROLLER
The administrator of the Personal Data processed in the company for various purposes related to the company's business activities is Asseco Data Systems S.A., seated in Gdańsk, ul. Jana z Kolna 11, 80 - 864 Gdańsk, entered in the Register of Entrepreneurs of the National Court Register under the number KRS 0000421310, kept by the District Court of Gdańsk - North in Gdańsk, VII Commercial Department of the National Court Register, NIP 517-03594-58, REGON 180853177, whose share capital amounts to PLN 120,002,940.00 (paid in full);
You can contact us:
· by letter (snail mail), writing to the address indicated above,
· via email at kontakt@assecods.pl,
· by phone at +48 58 550 95 00.
Data Protection Officer
We have appointed a Data Protection Officer whom you can contact:
· by letter (snail mail), writing to: Asseco Data Systems S.A., Office in Lodz, 136 Narutowicza St., 90-146 Lodz,
· via e-mail at: IOD@assecods.pl,
· by phone at +48 42 675 63 60.
Asseco Data Systems S.A. complies with all privacy and processing rules set forth in the RODO also with respect to data entrusted by other Administrators or Entrustors.
WHAT IS PERSONAL DATA AND ACCORDING TO WHAT PRINCIPLES DO WE PROCESS IT?
Personal data - all information about a natural person identified or identifiable by one or more specific factors that determine physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet ID and information collected through cookies and other similar technology.
The Personal Data Administrator processes data in accordance with the following principles:
· Reliability and lawfulness - meaning that data will be processed fairly, in accordance with correctly identified, RODO-compliant legal bases that are adequate for each processing activity. The Personal Data Controller identifies and determines the appropriate legal basis for each processing activity.
· Transparency - meaning that data subjects are informed in a transparent, accessible and understandable manner about who will process their data, on what basis, for what purpose, to what extent and for how long. Data subjects are further informed about: the recipients of the data, their rights and how to exercise them, and whether the data will be transferred to countries outside the EU and whether the data will be subject to automated decision-making and, if so, what impact this will have on the data subject.
The Personal Data Controller ensures that the information obligation will be fulfilled:
· in the case of collection of data from the data subject - at the latest at the time of collection,
· in the case of collection of data from a source other than the data subject - no later than within 30 days of their acquisition;
· Purpose limitation - meaning that personal data is collected and processed for specific, explicit and legitimate purposes and that it is not further processed in a manner incompatible with those purposes.
· Data minimization - meaning that data is adequate and limited to what is necessary to achieve the purpose for which it is processed.
· Correctness - meaning that the processed data are correct, truthful and are subject to updates when necessary.
· Storage limitations - meaning that data will be stored in a way that allows the data subject to be identified for no longer than necessary to fulfill the purposes for which the data are processed.
· Integrity and confidentiality - which means that the data are processed in a manner that ensures their adequate security and, in particular, in a manner that ensures protection against: accidental or unauthorized loss, modification, damage or destruction. The Personal Data Administrator shall ensure data security through the use of adequate technical and organizational measures. The Personal Data Controller shall develop a personal data protection system taking into account the risks defined in his organization to which the processed data are exposed (risk-based approach). A description of the measures used is included in this document.
· Accountability - meaning that the Personal Data Controller processes personal data in a manner that ensures compliance with the provisions of the RODO in connection with their processing operations, and that it will be able to demonstrate the implementation of organizational and technical measures to ensure data processing in accordance with applicable laws. Demonstration of the implementation of these measures will take place in particular through the implementation of appropriate rules, procedures and policies describing the rules of conduct for data processing.
The Data Controller strives to ensure that every process, solution or business idea, as early as in the design phase, should be analyzed for the use of personal data in that solution and take into account the protection of that data. This analysis should be carried out further, including already during the processing itself (privacy by design).
WHAT PERSONAL INFORMATION MAY BE COLLECTED BY THE INTERNET WEBSITE.
USE OF COOKIE MECHANISMS AND OTHER MARKETING TOOLS
- During the User's visit to the Website, information about the Users of the Websites may be collected automatically through the use of services provided by modern marketing tools suppliers, including cookies files. Such information may constitute personal data.
- Cookies are small text files created by the Website, stored on the user's device, and can only be used by the browser through which they were created. The use of Internet Services thus involves the use of the following types of cookies:
- Necessary cookies – allow us to browse the website and use its functions. These may be authentication files or files providing security.
- Analytical cookies – primarily serve to improve a given website. They collect user data in such a way as to ensure their complete anonymity. Thanks to them, we know which pages have been visited and whether any unwanted complications have occurred during the visit. Based on them, we cannot identify the user.
- Preference cookies – enable the collection of information about the choices users make when visiting websites. Thanks to these cookies, it is possible to personalize the website - displaying the appropriate language and advanced customization of content and selected options.
- Marketingowe cookies - to pliki zorientowane na działania promocyjne i to dzięki nim jest możliwe targetowanie reklam dostosowanych do użytkownika, a także mierzenie skuteczności wdrażanych kampanii reklamowych.
- A detailed description of the tools used, including cookies files, containing the scope, purposes, and period of storing information collected through them, is provided below.
| Tool | Purpose of information collection | Scope of information collected | Data retention period (from the date of collection) |
|---|---|---|---|
| GA4 | Traffic analytics, understanding user behaviors, tracking conversions and goals, user segmentation, measuring return on marketing investment | Events, Custom Variables, Conversions | 14 months |
| Google Ads | Evaluation of advertising campaign effectiveness | Advertising data, Demographic and geographic data, Conversion data, Conversion tracking data | 90 days / permanent |
| Tracking profile performance, evaluating content effectiveness, understanding the audience, monitoring advertising campaigns | Profile statistics, content statistics, audience demographic data, behavioral data | 6 months | |
| Piwik | User behavior analysis, effectiveness evaluation, audience segmentation | Session information, User behavior | permanent |
| Salesmanago | Marketing personalization, audience segmentation, marketing automation | Contact data, Behavioral data | 1 year / permanent |
| go.pl | Improving site usage, personalizing content | IP addresses, device information, demographics | session / 1 month |
| Hotjar | Analysis of user behavior, Evaluation of site performance, Testing and optimization | User session recordings (excluding data entered into forms), browser type information, operating system type, country of login based on IP (without visible IP), maps of most frequent clicks | session / 1 year / 30 minutes |
| Crazy Egg | Analysis of user behavior, Evaluation of site performance, Testing and optimization | Heat maps, scroll maps, click maps, A/B testing, visual analysis | session / 1 month / 1 year |
| Freshmail | Building a list of subscribers, Tracking campaign effectiveness | Email addresses, Demographics, Activity history | 1 year |
| Complianz | Managing cookie consents | User IP address, Type of user device, User's browser version, Date and time of the user's visit to the online store, Information about cookies to which the user has consented. | 1 year |
| Finsweet | Managing cookie consents | User IP address, Type of user device, User's browser version, Date and time of the user's visit to the online store, Information about cookies to which the user has consented. | 6 months |
| Cookiebot | Managing cookie consents | User IP address, Type of user device, User's browser version, Date and time of the user's visit to the online store, Information about cookies to which the user has consented. | 1 year |
| PlumRocket | Managing cookie consents | User IP address, Type of user device, User's browser version, Date and time of the user's visit to the online store, Information about cookies to which the user has consented. | 1 year |
| Cookie-law-info | Managing cookie consents | Recording of cookie preferences | 1 year |
| Cloudflare | Domain security | Filtering machine requests | 30 min |
| Google reCAPTCHA | Spam Prevention | Filtering of machine requests / Spam protection | session |
| WP_Darkmode | Preference settings | Preference data | 1 day |
| WPML | Language preference settings | Data on the language used | session |
| Polylang | Language preference settings | Data on the language used | 1 year |
| cerber_groove | Protection against malware | IP and behavioral data | 1 year |
| Twitter (X) | Twitter integration and social media sharing capabilities | Profile statistics, content statistics, audience demographic data, behavioral data | 1 year |
| Tracking website visits | Profile statistics, content statistics, audience demographic data, behavioral data | 3 monthe | |
| Gemius | Marketing effectiveness analytics | IP addresses, device information, demographics, user activity on the site | 13 months |
| Smart AdServer | Optimizes ad display based on user traffic | IP addresses, device information, demographics, user activity on the site | 1 year |
| Adform | Optimizes ad display based on user traffic | IP addresses, device information, demographics, user activity on the site | session |
| YouTube | Content personalization | User behavior data, Technical data | session |
| Microsoft Clarity | Analysis of user behavior, recording user behavior | Load and site metadata. Event data on the site | 30 days |
- The user of the Service has the option to choose which types of cookies will be used during their visit to the Service, whereby necessary cookies may be and are used regardless of the User's consent, while for other cookies, they are used with the User's consent. The user will be asked to express consent to the use of individual types of cookies when visiting the Service. Before giving consent, the Administrator provides access to this Privacy Policy and recommends reading it.
- Due to the nature of cookies and the fact that they are stored on the user's device, the Administrator may only ensure the withdrawal of consent to the use of cookies by recommending changes to the settings of the web browser. Changes to the settings can be made by selecting the "Privacy and Security" tab in the browser options. In any case, direct contact with the Administrator is also possible in order to exercise the User's rights related to the processing of their data.
- Cookies do not modify other data stored in the user's device's mass memory and do not affect the proper operation of the operating system.
- Some of the tools used on the Website may result in automated decision-making regarding the User (especially profiling) within the scope of a given Internet Website. The consequence of such action may be, in particular, the display of ads for certain products and services offered by the Administrator. The User has the right to request the Administrator to have the automated decision reviewed by a human. To do so, the User should contact the Administrator as specified in the "Exercise of data subjects' rights" section.
- None of the marketing tools used by the Administrator are used for the direct identification of users of the Internet Website.
CONTACT FORMS, RECRUITMENT FORMS, AND ORDER FORMS
- To ensure maximum transparency, in cases where the Website utilizes a form in which the User provides data directly identifying them, information about the data controller, purpose of processing, legal basis, recipients, storage duration, and other information required by applicable law are provided to the User at the moment of collecting data through the respective form.
1. When using the Website, Double Click Cookies are stored in the storage of the device used by the User:
· collect information on how you use the content of the Website (they include a randomly generated 18-digit unique identifier assigned to web browsers installed on specific User devices),
· are used to store data of a logged-in User to a given Website (active sessions) concerning, among others, the selected language of the Website, search filter settings, User data (login or name) used to log in to a given Website, or authorization token in a given Website.
2. The ID of a particular device stored in the Double Click Cookie is added to a remarketing list, which is stored on Google's servers and then grouped by specific categories.
3. The information stored in cookies, located in the storage of the User's device, is later used for remarketing.
4. Remarketing involves the use of data collected in cookies, by third-party vendors, to display advertisements based on data collected during the User's use of the Website content.
5. The user can manage cookies himself in his browser by selecting the Privacy and Security tab in the browser options.The user can also opt out of receiving advertisements, using the option to disable Google ads or on the Network Advertising Initiative website.
6. Cookies do not in any way modify other data in the storage of the User's device, as well as do not affect the proper operation of the operating system.
7. The Administrator does not use cookies to directly identify Users of the Website.
PRINCIPLES OF SHARING AND ENTRUSTING PERSONAL DATA.
The Personal Data Administrator shares (including entrusts) personal data with other entities (data recipients) on the basis of:
· legislation in force
· business decisions on outsourcing selected parts of the business.
In the case of sharing data with entities to which the Personal Data Controller subcontracts services in its name and on its behalf, a written entrustment agreement is required. The decision to entrust is preceded by an analysis of the credibility and reliability of the entity.
Any decision to outsource services, requires it to be analyzed by the Personal Data Controller also in terms of entering into an entrustment agreement for processing.
IMPLEMENTATION OF THE RIGHTS OF DATA SUBJECTS.
Asseco Data Systems, in its role as a controller of personal data, ensures that the rights of the persons whose data it processes can be realized. Requests arising from the rights of data subjects can be realized:
· by submitting an application at https://www.daneosobowe.assecods.pl,
· by writing to the Data Protection Officer's email address: IOD@assecods.pl,
· by reporting directly to one of the administrator's offices and making the request in person..
PROVIDING INFORMATION TO DATA SUBJECTS.
Asseco Data Systems S.A., as controller, provides each individual with information about the processing of his/her personal data. The Data Controller, upon the request of an individual, shall respond whether it processes his/her personal data. If he/she processes his/her data, he/she grants access to personal data and provides information about:
· person and contact information of the administrator,·
· person and contact information of the Personal Data Inspector,
· purpose of processing,· the legal basis for processing,
· information about the recipients or categories of recipients to whom the data will be disclosed,
· the planned period of storage of personal data,
· the right to request rectification, erasure or restriction of data processing, data portability, and to object to such processing (the rights due to data subjects depend on the basis of processing applied in a given case),
· the right to lodge a complaint with the supervisory authority for the protection of personal data,
· information about the intention to transfer data outside the EU,
· information about the obligation to provide data and the consequences thereof,
· information about whether the data will be processed by automated means and whether it will be subject to profiling,
· the categories of data involved and the source from which the person's data was obtained - in case it did not come directly from the person.
The information specified above is, in accordance with the implementation of the principle of transparency, provided to data subjects in information clauses.
DATA SECURITY.
Asseco Data Systems makes every effort to ensure that the data processed in its enterprise are protected to the highest standards. It conducts a risk analysis for the processing activities for which it is the administrator and for the processing of data it has been entrusted with in order to select optimal technical and organizational means by which to ensure confidentiality, integrity and availability of personal data.
The Personal Data Administrator will regularly test, measure and evaluate the effectiveness of technical and organizational measures to ensure the security of processing and adjust security measures according to the results of the measurements.
Asseco Data Systems regularly conducts internal audits and undergoes independent assessments by external auditing firms for standards: ISO 9001, ISO 27001, ISO 22301.
Privacy settings center
When you visit websites, they may download and store data in your browser. This is often necessary for the basic operation of the site. Cookies may be used for marketing, analytics and site personalisation, such as storing your preferences. Blocking the categories may affect your experience of the site.
Our Privacy Politic