Privacy Policy

Spyrosoft Spółka Akcyjna
and
Spyrosoft Solutions Spółka Akcyjna

§ 1

1. The controller of personal data you provide is:

1) SPYROSOFT Spółka Akcyjna with its registered office in Wrocław, Plac Nowy Targ 28, entered in the Register of Entrepreneurs kept by the District Court for Wrocław – Fabryczna in Wrocław, 6th Commercial Division, under KRS number: 0000616387, Tax Identification Number (NIP): 8943078149,

2) SPYROSOFT Solutions Spółka Akcyjnawith its registered office in Wrocław, Plac Nowy Targ 28, entered in the Register of Entrepreneurs kept by the District Court for Wrocław – Fabryczna in Wrocław, 6th Commercial Division, under KRS number: 0000724282, Tax Identification Number (NIP): 8992842857,

hereinafter referred to as the Controllers.

2. The Controllers jointly determine the purposes and methods of processing and conduct the processing of your personal data.

3. You can contact the Controllers in writing via traditional mail at: Plac Nowy Targ 28, 50-141 Wrocław or by email sent to the following address: rodo@spyro-soft.com.

4. The Controllers will process the following personal data: first and last name, email address, phone number.

5. The basis for processing your personal data is:

  • your consent to the processing of personal data and receiving marketing communication, in particular expressed through the form posted on the websites used by the Controllers to conduct business;
  • necessity resulting from the legitimate interests pursued by the Controllers, such as providing information about the business activity conducted by the Controllers and the products offered, reliable performance of the obligations undertaken by the Controllers, in particular the implementation of contracts, offering products/services of the highest standard, as well as providing information about the Controllers. The processing of personal data to the aforementioned extent falls within the scope of business activities conducted by each of the Controllers and is necessary in order to provide customers with information, products and services;
  • in the event of concluding an agreement – the need to reliably perform the obligations arising from it.

6. Your personal data will be processed in order to:

  • present an offer regarding the services or products provided by the Controllers, as well as information about new solutions introduced;
  • providing marketing information and messages;
  • providing information about meetings, promotions and other activities related to the business conducted by the Controllers;
  • in the event of concluding an agreement with one of the Controllers for the provision of services, your data will be used for the purposes related to the reliable implementation of such an agreement, including accounting and complaint processing.

7. Your personal data may be made available to recipients who directly perform activities as part of the services performed or to recipients through whom the Controllers carry out marketing or information activities.

8. Your personal data may also be transferred to an entity providing hosting services to the Controllers, which has appropriate safeguards against third party access to the data stored.

9. Your personal data will not be transferred to recipients located in a third country, i.e. outside the European Economic Area.

10. You have the right to:

  • request the Controllers to provide access to, rectify, delete or restrict the processing of your personal data;
  • object to such processing;
  • transfer your data;
  • lodge a complaint with a supervisory authority.

11. The above rights may be exercised by submitting an application using the details indicated in section 3 above.

12. Your personal data may be subject to automated decision making, including profiling.

13. Your personal data will be processed:

  • on the basis of consent – until its withdrawal or cessation of the purpose for which the data was collected. The consent granted may be withdrawn at any time, without prejudice to the lawfulness of the processing carried out on the basis of such consent before its withdrawal;
  • in connection with the performance of an agreement concluded with one of the Controllers – until the expiry of the period in which the Controller or you may pursue claims related to the concluded agreement, or until the expiry of the period in which proceedings may be initiated by public administration bodies in connection with the performance of the agreement;
  • in connection with conducting marketing and information activities – until the end of conducting activities by the Controllers consisting in offering products and services and conducting marketing campaigns.

§ 2

1. The Website you use, available at: www.spyro-soft.com (Website), does not automatically collect any information, except for the information contained in cookies.

2. Cookies are computer data, in particular text files, which are stored on the terminal device used by you to use the Website and allow you to use it. Cookies usually contain the name of the website from which they originate, the duration of their storage on the terminal device, and a unique number.

3. Entities that place cookies on your terminal device and that have access to those files are the Controllers.

4. Cookies are used for:

  • adjusting the content of pages of the Website to the your preferences and optimising the use of pages; in particular, these files allow to recognise the Website user’s device and properly display the Website in a way adjusted to your individual needs;
  • creating statistics that help to understand how the users of the Website use the pages, which allows to improve their structure and content;
  • maintaining a session for the Website user (after logging in), thanks to which you do not have to re-enter your login and password on each page of the Website.

5. The Website uses the following types of cookies:

  • “necessary” cookies, enabling the use of services available within the Website, e.g. authentication cookies used for services that require authentication on the Website;
  • security cookies, e.g. cookies used to detect authentication frauds on the Website;
  • “performance” cookies enabling the collection of information on how you use the Website;
  • “functional” cookies, which enable “remembering” the settings you selected and personalising your interface, e.g. the selected language or region of your origin, font size, page appearance, etc.;
  • “advertising” cookies, which allow to provide you with advertising content that is more relevant to your interests.

6. In many cases, the software used for browsing websites (web browser) allows cookies to be stored on the your terminal device by default. Users of the Website may change their cookie settings at any time. These settings may be changed, in particular, in such a way as to block the automatic use of cookies in the web browser’s settings, or to you about each time cookies are stored on your terminal device. Detailed information about the possibilities and methods of handling cookies can be found in the software (web browser) settings.

7. Restrictions on the use of cookies may affect certain functionalities available on the Website.

8. Cookies stored on your terminal device may also be used by advertisers and partners cooperating with the Website operator. For more information on cookies, please visit https://wszystkoociasteczkach.pl/ or the “Help” section of your browser’s menu.

§ 3

1. The Controllers have formulated individual personal data security goals and taken the steps necessary for them to occur in the company they run:

  • ensuring that the processing of personal data is lawful, fair and transparent for the data subject (“lawfulness, reliability and transparency”);
  • ensuring that personal data is collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);
  • ensuring that the collection of personal data is adequate, relevant and limited to what is necessary for the purposes for which it is processed (“data minimisation”);
  • The Controllers shall take steps to ensure that personal data is correct and, where necessary, kept up to date, as well as all reasonable steps to ensure that personal data that is incorrect in light of the purposes of its processing is promptly deleted or rectified (“accuracy”);
  • The Controllers shall take steps to ensure that personal data is kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which it is processed (“storage restriction”);
  • The Controllers shall take steps to ensure that personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing or accidental loss, destruction or damage, by appropriate technical or organisational measures (“integrity and confidentiality”).

2. The objectives referred to in section 1 shall be pursued by taking appropriate steps and applying effective safeguards, which shall include in particular:

  • adequate security of the IT systems in which personal data is processed;
  • continuously raising the awareness and knowledge of employees/co-workers in the field of personal data security;
  • communicating to employees/co-workers the consequences, including disciplinary, in the event of a personal data breach;
  • assigning access to documents, materials or systems containing personal data only to authorised persons;
  • securing documents, materials or systems against the loss or destruction of personal data contained therein;
  • implementing detailed rules defining the method of user rights management and authentication rules in all systems operated by Controllers;
  • conducting thorough tests in the process of preparing new software;
  • reporting of information security incidents;
  • regular risk analysis in the area of information security and designing activities to minimise potential risks;
  • entrusting personal data only to such third parties that provide sufficient guarantees for the implementation of appropriate technical and organisational measures to ensure that the processing meets the requirements of the generally applicable law and this document, and protects the rights of the data subjects.

3. Taking into account the state of technical knowledge, the cost of implementation and the nature, scope, context and purposes of processing, as well as the risk of violation of the rights and freedoms of natural persons with different probabilities of occurrence and the severity of the threat resulting from processing, the Controllers have implemented – both when determining the methods of processing and during the processing itself – appropriate technical and organisational measures, designed to effectively implement the principles of data protection in order to meet the requirements of generally applicable law and to protect the rights of data subjects.

§ 4

In matters not covered herein, the provisions of the Civil Code and the relevant laws of the Polish law, as well as the laws of the European Union, in particular the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC) shall apply.

3. Taking into account the state of technical knowledge, the cost of implementation and the nature, scope, context and purposes of the processing as well as the risk of infringement of the rights or freedoms of natural persons with different probabilities of occurrence and the gravity of the risk resulting from the processing, the Controller has implemented – both at the time of determining the means of processing and during the processing itself – appropriate technical and organizational measures designed to effectively implement data protection principles in order to comply with the requirements of generally applicable legal provisions and to protect the rights of the Data Subjects.