PRIVACY POLICY FOR THE WEBSITE inventia.online of 1st of March, 2023

Ladies and Gentlemen, we are very pleased to welcome you to our website. We attach great importance to the protection of your data and we want you to feel completely safe when visiting the agreus.pl website. Below you will find explanations about the type of personal data collected by us when visiting the website and how they are processed. The following Privacy Policy is intended to inform you about how we use your data, for which we meet all the requirements of Regulation (EU) 2016/679 EU of the European Parliament and of the Council of 27 April 2016 (hereinafter: “GDPR”). You can direct any comments regarding the Privacy Policy, personal data processing, or other to the Personal Data Protection Specialist: e-mail: abi@inventia.pl or directly to the address details of Inventia Sp. z o.o., Poleczki 23, 02-822 Warsaw, Poland.

 

PERSONAL DATA ADMINISTRATOR

The administrator of Personal Data is Inventia Sp. z o. o. with its registered office in Warsaw (02-822), ul. Poleczki No. 23, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0000023113, with a share capital of PLN 50,000, NIP 9512017534, REGON 017311391, hereinafter referred to as the “Administrator”.

 

GENERAL INFORMATION

Using the website does not require you to provide any personal data. Providing your data is voluntary, but it may be necessary to use certain services, e.g. the Newsletter service. The website contains links to other websites. We encourage you to read the privacy policy set out there after going to other websites. Please be advised that by using the website you accept this Privacy Policy. If you want to contact us without providing personal data in electronic form, please send a letter to the following address: ul. Poleczki 23, 02-822 Warsaw.

 

SCOPE OF PROCESSED DATA

Personal data means information about a specific or identifiable natural person (the website user).

This includes direct information about you, such as:

  1. name and surname;
  2. e-mail address;
  3. position;
  4. company name;
  5. company address;
  6. VAT ID number;
  7. telephone number;
  8. IP address.

 

PURPOSE OF DATA PROCESSING WITH LEGAL BASIS

Your data may be processed by the Administrator based on:

  1. Necessity to perform the contract or to take action before its conclusion (Article 6(1)(b) of the GDPR), including consideration of complaints or handling of the User Account.
  2. consent (Article 6(1)(a) of the GDPR), in order to:
  • provision of the newsletter service;
  • using the contact forms on the website;
  • conducting the Administrator’s marketing;
  • sending surveys regarding the Administrator’s products or services;
  • sending surveys to measure customer satisfaction;
  1. the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), in order to:
  • defense against possible claims, where the Administrator’s legitimate interest is to pursue or defend claims;
  • creating a list of contractors.

We process your data only if you give your consent or to the extent permitted by law. On the website, we do not collect or process identification data to transfer or sell them to third parties for marketing purposes, and we do not send messages on behalf of third parties.

 

DATA TRANSMISSION

Personal data may be transferred to entities processing them at the request of the Administrator based on contracts concluded with the Administrator, but only for the purpose and to the extent necessary to achieve the purposes listed in the paragraph PURPOSE OF DATA PROCESSING WITH LEGAL BASIS, and such entities process data only following the Administrator’s instructions.

If the transfer of personal data to an external service provider is necessary for the implementation of the above purposes, the Administrator will ensure, using appropriate technical and organizational measures, the compliance of personal data processing with the provisions of the law on the protection of personal data (GDPR). In addition, the Administrator will oblige external service providers to comply with applicable data protection laws, to maintain the confidentiality of such personal data, and to delete them without undue delay when they are no longer needed.

Personal data may be transferred to the following recipients or categories of recipients:

  1. service providers supplying the Administrator with technical, IT, and organizational solutions, enabling the Administrator to run a business, including a website (in particular, e-mail and hosting providers, marketing activities, sending the Newsletter, and providing technical assistance to the Administrator);
  2. marketing service providers – marketing agencies providing the Administrator with support in marketing activities;
  3. providers of accounting, legal, advisory, and translation services providing the Administrator with accounting, legal, advisory, or translation support (in particular an accounting office, law firm, or translation agency).

We may transfer data to entities in countries based outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) that act on behalf of the Administrator as an entity processing data on commission (e.g. IT service providers or computing centers ).

Then the Administrator verifies whether a decision of the EU Commission on the appropriate level of data protection applicable there is available for a given country. If no adequacy decision by the EU Commission is available for a particular country, we enter into contracts following the EU Data Protection Guidelines which ensure that your rights and freedoms are adequately protected and guaranteed. In addition, we do not transfer personal data to other countries outside the EU or EEA or to international organizations.

 

SOCIAL MEDIA PLUGINS

Personal data is only transferred to social networks when you take the active action of clicking on the relevant page element containing a link to social media. After clicking on the link, the web browser will start connecting to the servers of the given social networking site, and you will be redirected to the website of the external service provider, i.e. the owner of the given social networking site. At the same time, the web browser will establish a direct connection with the servers of the selected social networking site. The use of these features may involve the use of third-party cookies. From the moment you click on a given link, personal data is processed on the social networking site, and the owner of the social networking site becomes a co-administrator of personal data. The Administrator informs that from the moment of actively clicking the plug-in button, the Administrator does not influence the nature and scope of personal data collected by the owner of a given social networking site.

The data is sent regardless of whether you have an account on a given social network or whether you are logged in. If you are logged in to a given social platform, the collected personal data will be directly assigned to the account (profile) used.

If you are a user of a particular social network and you do not want that social network to collect data through this website or application and combine this data with member data stored on the social network, please log out of the social network before visiting the website or application.

Details on individual privacy policies are available here:

Facebook: Meta Privacy Policy – Collection and Use of Data About Users on Meta | Privacy Center | Manage your privacy on Facebook, Instagram, and Messenger | Privacy on Facebook

YouTube: YouTube Privacy Settings – How YouTube Works

LinkedIn: LinkedIn Privacy Policy

 

DATA STORAGE PERIOD

Personal data provided to us by you will be stored for the period required for the purposes for which they were collected or resulting from the law.

 

USERS’ RIGHTS

To implement the rights described below, please contact abi@inventia.pl.

The right to access your data

You have the right to obtain information about the personal data we hold about you, including a copy of this data.

The right to correction of the user’s data

You have the right to request correction of your data that is incorrect. Taking into account the purposes of the processing, you have the right to request supplementation of incomplete personal data, including by submitting an additional statement.

The right to delete your data

You have the right to request the erasure of your data stored by us in the following cases:

  1. Your data are no longer necessary for the purposes for which they were collected;
  2. You have withdrawn your consent on which the processing is based and there is no other legal basis for the processing;
  3. You have objected to the processing and there are no overriding legitimate grounds for the processing;
  4. Personal data has been processed unlawfully;
  5. Personal data must be deleted to comply with a legal obligation provided for in European Union or national law;
  6. Personal data has been collected in connection with the offering of information society services referred to in art.8 sec.1 GDPR.

Right to data portability

You have the right to receive, in a structured, commonly used, readable format, personal data concerning you that you have provided to us if the processing of such data is based on consent or a contract and in an automated manner. If you request that these data should be sent to another data controller, this will be done, provided that it is technically possible.

The right to limit the processing of user data

You have the right to request that the processing of your data be restricted in the following cases:

  1. You question the correctness of the personal data – for a period enabling us to check the correctness of this data;
  2. The processing is unlawful and you oppose the deletion of personal data, requesting the restriction of their use instead;
  3. We no longer need your data for the processing, but you need them to establish, pursue or defend claims;
  4. You have filed an objection according to Art.21 sec.1 regarding processing – until it is determined whether the legitimate grounds on the part of the administrator override the grounds for objection.

The right to object to the processing of your data

If your data is processed based on the legitimate interest of the Administrator, you have the right to object to the processing at any time, following Art. 21 GDPR.

The right to withdraw consent to the processing of the user’s data

You have the right to withdraw your consent to the processing of personal data at any time. Revocation of consent to the processing will not affect the lawfulness of the processing that was carried out before its withdrawal.

The right to report violations of the provisions of the GDPR

The security of personal data is our priority, however, if you consider that by processing your data we violate the provisions of the GDPR, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.

 

PROFILING

The Administrator may automatically adjust certain content to your needs, i.e. perform profiling, using the personal data provided by you. If profiling could result in making decisions that have legal effects on you or affect you in a similarly significant way, the Administrator will carry them out only if you consent to it.

 

SECURITY

The Administrator has implemented generally accepted standards of technical and organizational security to protect personal data and information against loss, misuse, change, and destruction. In particular, we ensure compliance with all relevant confidentiality obligations and technical and organizational security measures to prevent unauthorized and unlawful disclosure and processing of such information and data and their accidental loss, destruction, or damage. Only authorized employees or associates of the Administrator who have committed to keeping the data confidential have access to personal identification data.

The administrator tries to ensure that data processing is based on the following rules:

  1. Lawfully, fairly, and transparently;
  2. Collected for specific and legitimate purposes and not further processed in a manner inconsistent with these purposes;
  3. Adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed;
  4. Correct and update as necessary;
  5. Kept in a form that allows identification of the data subject for a period not longer than it is necessary for the purposes for which the data is processed;
  6. Processed in a manner that ensures adequate security of personal data;
  7. Kept and processed in a manner that ensures the implementation of the rights that data concerns.

Your data is stored by the Administrator in a secure operating environment, without public access to it. It is a relational database hosted in the cloud of Amazon Web Services, Inc. within the European Union. User data is secured and passwords are encrypted.

 

COOKIES POLICY

We use cookies and similar technologies to determine your preferences and optimize the website. All details regarding cookies are available at the link [LINK TO COOKIES POLICY]

 

CHANGES TO THE PRIVACY POLICY

The Administrator reserves the right to update or change this Privacy Policy at any time by publishing its new version on the agreus.pl website, therefore we ask you to regularly check the content of this Privacy Policy.