Privacy of users of Agora SA websites (including www.kroje.xyz) is of great importance to us. Therefore, we have published the document explaining the rules and means of collecting, processing and using information about www.kroje.xyz website users.
Data Controller: Agora S.A. with its registered seat in Warsaw (00-732), Czerska 8/10 street, entered in the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS No 59944, share capital: PLN 47,665,426 fully paid-up, Tax ID No (NIP): 526-030-56-44.
Personal Data: any information about a natural person who is identified or identifiable through one or more factors specific to physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person, including device IP number, location data, online ID and information collected by means of cookies or a similar technology.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website: website published by the Controller to which this Notice applies, i.e. www.kroje.xyz
User: any natural person visiting the Website or using one or more services or features available on the Website.
PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide individual services available on the Website and also collects information about the User activity on the Website. The detailed rules and purposes of processing of personal data collected during the User’s use of the Website are described below.
PURPOSES AND LEGAL GROUNDS FOR DATA PROCESSING ON THE WEBSITE
Use of the Personal data of all persons using the Website (including IP address or other identifiers or information collected be means of cookies or other similar technologies) is processed by the Controller:
The User activity on the Website, including his/her personal data, is recorded in systems logs (a special computer program used to store chronological records containing information about events and activities in the IT system, used by the Controller to provide services). Information contained in the logs is processed mainly for the purpose of service provision. The Controller also processes the data for technical and administrative purposes, to administer the IT system and ensure its security, as well as for analytical and statistical purposes – the legal grounds for processing in this respect shall be the Controller’s legitimate interest (Article 6(1)(f) if the GDPR).
The Controller provides the possibility of contacting it by means of electronic contact forms. Using a form requires the provision of personal data necessary for contacting the User and responding to his/her request. The User may also provide additional data in order to facilitate the contact or handling of the request. Provision of data marked as obligatory is required for the acceptance and handling of a request; failure to provide the data renders the request handling impossible. Provision of other data is voluntary.
Personal Data is processed:
Persons who have provided their e-mail address for the newsletter purposes will receive the newsletter service from the Controller. Provision of data is required for the provision of the newsletter service; failure to provide the data renders the sending of a newsletter impossible.
Personal Data is processed:
SOCIAL NETWORKING SITES
The Controller processes personal data of the Users visiting the Controller’s social media profiles (Facebook, YouTube, Instagram, Twitter, LinkedIn). The data is processed only in connection with running the profile, including to inform the Users about the Controller’s activity and promotion of various events, services and products. The legal grounds for the Controller’s processing of personal data for this purpose shall be the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting in promotion of own brand.
COOKIES AND SIMILAR TECHNOLOGIES
Cookies files (“cookies”) are IT data, especially text files, installed on a device of the User who browses the Website. Cookies usually contain the name of the website domain from which they come from, the time of their storage on an end device and a unique number. Information relating to cookies contained in this Notice also apply to other similar technologies used by the Website.
Cookies are used:
More information about cookies
PERSONAL DATA PROCESSING PERIOD
The period of data processing by the Controller depends on the type of service provided and the purpose of processing. In general, data is processed for a period of service provision or order execution, until the User has withdrawn his/her consent or effectively objected to the processing of data in cases where the Controller’s legitimate interest serves as the legal grounds for data processing. The data processing period may be extended if the processing is necessary to establish, exercise or defend against claims (if any) and, after the period, only if (and as far as) required by laws. After expiry of the data processing period, data is irretrievably erased or anonymised.
The User has the right to: access the content of data and to request its rectification, erasure or restriction of processing, right to data portability, right to object to the processing, as well as the right to lodge a compliant with a supervisory authority competent for personal data protection. To the extent that the User data is processed on the basis of consent, the consent may be withdrawn at any time, by contacting the Controller (by e-mail, at firstname.lastname@example.org or in writing to: Agora S.A. ul. Czerska 8/10 00-032 Warszawa).
RIGHT TO OBJECT
The User may at any time object to the processing of his/her data for direct marketing purposes, including profiling, if the processing is conducted in connection with a legitimate interest of the controller. The User may at any time object to the processing of his/her data for reasons related to his/her specific situation, in cases where the Controller’s legitimate interest serves as the legal grounds for data processing (e.g. in connection with pursuing analytical and statistical purposes, including profiling). More information about the rights arising from the GDPR can be found in the Personal data processing policy, which is attached hereto and is also available here.
In connection with the performance of services, personal data will be disclosed to external entities, including, in particular, providers responsible for operation of the IT systems used to provide services, to the entities such as: banks, payment operators, research companies, providers of accounting services, couriers (in connection with order execution), marketing agencies (in connection with marketing services) and the Controller’s affiliates, including companies in its capital group.
If the User has given consent, his/her data may be also made available to other entities for their own purposes, including marketing purposes.
The Controller reserves the right to disclose information concerning the User to the competent authorities or to third parties who request to be provided with such information, on the basis of appropriate legal grounds and in line with applicable laws.
TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
The level of Personal Data protection outside the European Economic Area (EEA) varies from the level provided by European laws. For this reason, the Controller transfers personal data outside the EEA only when this is necessary, with appropriate protection level provided, primarily through:
Controller always communicates its intention to transfer personal data outside the EEA at the collection stage.
SECURITY OF PERSONAL DATA
The Controller analyses risk on an ongoing basis in order to ensure that personal data is processed by it in a secure manner which, most of all, guarantees that data can be accessed only by authorised persons and only within such scope as is necessary because of their tasks.
The Controller ensures that all operations on personal data are recorded and carried out by authorised employees and collaborators exclusively. The Controller takes all necessary actions to cause its subcontractors and other collaborators to guarantee the application of appropriate security measures every time they process personal data at the Controller’s request.
The Controller can be contacted via e-mail at email@example.com or in writing to: Agora S.A. ul. Czerska 8/10, 00-032 Warszawa.
The Controller has appointed a Data Protection Inspector who can be contacted via e-mail at firstname.lastname@example.org in any matter pertaining to the processing of personal data.
AMENDMENTS TO THE PRIVACY NOTICE
This Notice is reviewed on regular basis and updated as needed. The current version of the Notice was adapted on has been in force since July 19, 2019.