We/The Controller: Agora S. A. with its registered office in Warsaw, Czerska 8/10 Street (00-732), entered into the register of entrepreneurs of the National Court Register under the number 59944; share capital 47,665,426.00 PLN – fully paid up; Tax Identification Number: 526-030-56-44.
Personal data/The data: any information relating to a natural person identified or identifiable by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including an IP address of the device, location data, an online identifier, and any information gathered by the means of cookies or similar technologies.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 7th April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/WE.
Websites: mobile applications and websites published by the controller to which the following policy applies (up-to-date list available here).
You/The User: any natural person visiting the website or using one or more of the services or functionalities available on the website.
Profiling: the automated processing of personal data consisting of the use of personal data to evaluate certain aspects relating to the natural person, in particular to analyze or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements.
We collect and process your data whenever you use our websites. Below you can find the detailed rules and the purpose of the processing of your data.
THE PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR DATA
When you visit our websites we obtain your data, such as the IP address, other identification numbers, and information gathered by cookies or similar technologies (even if you are not logged in). We process that data for the following purposes:
for the purpose of sharing content on the website – the legal basis here is our legitimate interest in distributing our content (Article 5(1)(f) of GDPR);
for analytical and statistical purposes – the legal basis is our legitimate interest (Article 5(1)(f) of GDPR) in analyzing user activity and preferences in order to improve the functionalities and services we provide;
for the purpose of the establishment, exercise or defence of legal claims – the legal basis of processing is our legitimate interest (Article 6(1)(f) of GDPR) in protecting our rights;
for marketing purposes – by us and by other entities; the rules of data processing
for marketing purposes are described below in the MARKETING section.
Your activity on the website, including your personal data, is registered in system logs (a special computer program used to store a chronological log of information about any events and activities in the IT system used to provide our services) and through analytic scripts. We use this data for the main purpose of providing our services, for technical and administrative purposes, in order to ensure the safety of the IT system and to manage it, and for analytical and statistical purposes. In the scope described above, the legal basis of personal data processing is our legitimate interest (Article 6(1)(f) of GDPR).
Using contact forms requires you to provide the personal data marked as mandatory. If you don’t provide the data, the request cannot not be processed. Providing other data is optional.
Personal data provided in the form is processed:
for the purpose of identifying the sender and resolving the query described in the form – the legal basis is the necessity of processing for the performance of the contract (Article 6(1)(b) of GDPR).
We process your personal data for the purpose of marketing activities, which can include:
displaying marketing content not based on your preferences (including standard advertisements);
displaying marketing content based on your interests (behavioural advertisement);
sending e-mail notifications about interesting offers or content, which in some cases can include commercial information (the newsletter service);
conducting other activities related to the direct marketing of goods and services (sending commercial information through electronic mail and telemarketing).
In some cases we use profiling to conduct marketing activities. This means that we use automated data processing to evaluate some of your behaviours and create a forecast of your future behaviours.
A standard advertisement is an advertisement not dependent on user preferences. In the case of displaying such advertisements personal data is processed for marketing purposes in connection to our legitimate interest (on the basis of Article 6(1)(f) of GDPR).
Behavioural advertising is the advertising based on user preferences. Displaying behavioural advertisements is based, among other things, on profiling, which uses your personal data collected by cookie and similar technologies. Profiling for marketing purposes, by us and by our trusted partners (link), occurs on the condition that you consent to it (based on Article 6(1)(a) of GDPR). Consent is voluntary. Consent can also be given by performing the specific action which confirms consent, as indicated in the message displayed during the collection of consent. You can withdraw consent at any time, however it does not influence the legality of profiling for marketing purposes before consent is withdrawn.
We provide a newsletter service to persons who provide their e-mail address for this purpose. Providing data indicated while signing in to the newsletter (e-mail address) is voluntary, but necessary for sending the newsletter.
Personal data is processed:
for the purpose of performing the service of sending the newsletter – the legal basis is necessary for performing the contract (Article 6(1)(b) of GDPR);
in the case of sending marketing content as part of the newsletter – the legal basis for processing, including profiling, is our legitimate interest (Article 6(1)(b) of GDPR);
for analytical and statistical purposes – the legal basis of processing is our legitimate interest (Article 6(1)(b) of GDPR) in conducting the analysis of user activity on the website in order to improve the functionalities it includes;
for the purpose of the establishment, exercise or defence of legal claims – the legal basis of processing is our legitimate interest (Article 6(1)(f) of GDPR).
Direct marketing addressed by e-mail (among others) requires your consent (based on Article 6(1)(a) of GDPR). You can withdraw consent at any time.
COOKIES AND SIMILAR TECHNOLOGIES
Cookies are small text files that are installed on your device. Cookies usually include the domain name of the website they come from, the duration for which they will be stored on the device and a unique ID. In this policy, information concerning cookies applies also to other similar technologies used by the website.
Cookies used for those purpose include:
user input cookies
multimedia player session cookies
cookies used to monitor website traffic, i.e. data analysis, including cookies:
- used by Gemius S.A. – i.e. the entity that we have entrusted with personal data processing – for the purpose of performing the analysis of viewing figures and the manner in which the website is used, including the production of statistics and reports on the functioning of the website,
- Google Analytics (files used by Google – i.e. the entity entrusted with personal data processing by the Controller – for the purpose of conducting analysis of the use of the website, including production of statistics and reports on the functioning of the website).
DURATION OF THE PROCESSING OF PERSONAL DATA
The duration of processing of the data depends on the nature of the service and on the purpose of processing. The data is processed for the period of providing the service or performing the order, until withdrawal of consent or the relevant and reasoned objection or relevant and reasoned demand to erase the data.
The period of processing of personal data may be extended by the limitation period where necessary for the establishment, exercise or defence of legal claims by the Controller, and after this period – only in the instance and for the duration required by legislation.
You have the right to: access the content of your personal data, demand rectification, erasure or restriction of processing, transfer it to another controller and object to the processing, as well as to file a complaint with a relevant supervisory authority.
The consent on the basis of which some of your data is processed can be withdrawn at any time by contacting us using the contact details indicated on the website.
The right to object
At any time, you have the right to object to the processing of your data:
for direct marketing purposes;
for reasons relating to your particular situation in cases where the legal basis for the processing of your data is our legitimate interest (e.g. marketing, statistics and analysis), i.e. when your data is processed on the basis of Article 6(1)(f) of GDPR;
RECIPIENTS OF THE DATA
In the course of performing our services your data can be disclosed to external entities, in particular to providers handling IT systems used to perform our services, entities such as banks, payment operators, research agencies, providers of accounting services, delivery and courier companies providing services to marketing agencies (in the scope of marketing services), as well as to related entities – including Agora Group companies.
Upon your consent, your data can also be disclosed to other entities for their own purposes, including marketing purposes.
Your data may be disclosed to relevant authorities or third parties if they demand such disclosure in accordance with applicable legislation and based on the appropriate legal basis that entails the obligation to disclose such information.
TRANSFERRING DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
We may transfer your data outside the European Economic Area (EEA) – in particular to social media administrators. Such transfer may take place only where the Commission has decided that the third country ensures an adequate level of protection, based in particular on:
the cooperation with entities which process personal data in countries approved by an adequacy decision of the European Commission;
the application of standard contractual clauses issued by the European Commission;
the application of binding corporate rules approved by the relevant supervisory authority;
in the case of transferring data to the USA – the cooperation with entities participating in the Privacy Shield program, approved by the European Commission.
Upon your request, we will provide you with a copy of your data transferred outside the EEA.
PERSONAL DATA SECURITY
We conduct risk analysis on an ongoing basis to ensure that personal data is processed in a secure manner, which guarantees that the data is accessed only by authorized persons and only in the scope necessary for performing their tasks. We make sure that all operations involving personal data are registered and conducted only by authorized employees and partners.
We take all measures necessary to ensure that our subcontractors and other co-operating entities guarantee that appropriate safety measures are taken whenever they process personal data on our behalf.
You can contact us at email@example.com or in writing to the following address: Agora, Czerska 8/10 Street (00-732) Warszawa.
We have appointed a Data Protection Officer, who can be contacted at the e-mail address provided above.
The Policy is verified on an ongoing basis and updated when necessary. The current version of the Policy has been adopted and applies from 25th May 2018 onwards.
Consent / withdrawal of consent