Privacy Policy & Cookies

The Policy is for information purposes and serves satisfaction of the information obligations imposed on the data controller under the GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1. PERSONAL DATA CONTROLLER
   1. The controller of personal data is P sp. z o.o. with its registered office in Warsaw (01-194), ul. Młynarska 8/12, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000636383, Tax Identification Number NIP: 5223071494, National Business Registry number REGON: 36540263200000, share capital in the amount of PLN 5,000 (hereinafter referred to as “Primotly”).
   2. Contact details of the data controller: Bernhard Huber bernhard.huber@primotly.com
      
2. DATA PROCESSING METHOD
   1. The scope, purposes and legal grounds for the processing of personal data are presented in the table below.

   Purpose	Scope of data	Legal ground	Processing period
   phone calls	phone number, other personal data voluntarily provided by the data subject	Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects	until a call ends or the data subject objects
   correspondence conducted in electronic form	e-mail address, first and last name, organisation name, other personal data voluntarily provided by the data subject	Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects	until correspondence ends or the data subject objects
   conducting correspondence and collecting messages received by means of the contact form	e-mail address, first and last name, organisation name, other personal data voluntarily provided by the data subject	Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects	until correspondence ends or the data subject object
   providing access to the website	IP address	Article 6(1)(b) of the GDPR – statutory authorization to process data necessary to perform an agreement	until lapse of the period of limitation of claims connected with access to the website
   undertaking marketing actions	e-mail address	Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in informing about its activity	until data cease to be useful or the data subject objects
   sending the newsletter	e-mail address	Article 6.1.(b) of the GDPR – statutory authorization to process data necessary to perform an agreement	until the lapse of the period of limitation of claims connected with newsletter services provided to the data subject
   analysing traffic on the website	IP address, Cookie files	Article 6(1)(a) of the GDPR – consent given by the data subject	until data cease to be useful or the data subject withdraws the consent
   protection against claims, raising claims	e-mail address, first and last name, other data voluntarily provided by the data subject	Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in protecting against claims and raising claims	until lapse of the period of limitation applicable to claims connected with access to the website and users’ actions within the website, calculated from the time of relevant user’s last visit on the website
   2. As part of personal data processing, Primotly as the controller does not transfer personal data to third countries (i.e. beyond the European Economic Area).
   3. Within its website, Primotly does not process personal data for the purpose of automated decision-making, including profiling.

3. RECIPIENTS OF DATA
1. Primotly may entrust the processing of personal data to third parties for the purpose of performance of certain activities. In such a case, the recipients of data of particular persons may involve: the provider of hosting for Primotly, the e-mail operator, the company providing technical support, the provider of a system for sending e-mails, a law firm, an accounting firm.
2. The personal data collected by Primotly may also be disclosed to: competent state bodies upon their request on the basis of relevant provisions of the law or other persons and entities – in the cases prescribed in the law.
3. Each entity to which Primotly transfers personal data for processing on the basis of a personal data transfer agreement (hereinafter referred to as “Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. An entity processing the personal data of data subjects on the basis of the Transfer Agreement may process the personal data of those persons through another entity only upon prior consent of Primotly.
4. Disclosing personal data to unauthorized entities under this Privacy Policy may only take place upon prior consent of the data subject.
4. RIGHTS OF DATA SUBJECT
   1. Each data subject has the right to: (a) delete the collected personal data referring to him/her both from the system belonging to Primotly as well as from bases of entities which have co-operated with Primotly, (b) restrict the processing of data, (c) portability of the personal data collected by Primotly, in this to receive them in a structured form, (d) request Primotly to enable him/her access to his/her personal data and to rectify them, (e) object to processing, (f) withdraw the consent towards Primotly at any time without affecting the legality of the processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about Primotly to the supervisory authority (President of the Personal Data Protection Office).
5. OTHER DATA
   1. Primotly may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of the data subject’s station – identification through http protocol, if possible, date and system time of registration on the Primotly website and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the data subject before if he/she has entered the Primotly website through a link, information concerning the browser, information concerning errors occurred by realization of the http transaction. Web server logs may be collected for the purposes of proper administration by Primotly. Only persons authorised to administer the IT system have access to data. Files containing web server logs may be analysed for the purposes of preparing statistics concerning traffic on the Primotly website and occurring errors. Summary of such details does not enable identification of a natural person.
6. SECURITY
   1. Primotly applies technological and organisational means in order to secure the processed personal data corresponding to the threats and category of data to be secured, in particular, through technical and organisational means secures data against being published to unauthorised persons, taken over by an unauthorised person, processed in violation of the law and changed, lost, damaged or destroyed; among others the SSL certificates are applied. The set of collected personal data is stored on a secured server, moreover, the data are also secured by the internal procedures of Primotly related to the processing of personal data and information security policy.
   2. Primotly has also implemented appropriate technical and organisational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects.
   3. At the same time, Primotly states that using the Internet and services provided by electronic means may pose a threat of malware breaking into the user’s teleinformatic system and device, as well as any other unauthorized access to user’s data, including personal details, by third parties. In order to minimize such threats, the data subject should use appropriate technical security means, e.g. use updated antivirus programs or programs securing his/her identification in the Internet. In order to obtain detailed and professional information related to security in the Internet, Primotly recommends taking advice from entities specializing in such IT services.
7. COOKIES
   1. For the purposes of the correct operation of the website, Primotly uses a cookie support technology. Cookies are packages of information stored on the device of a relevant user through Primotly, usually containing information corresponding to the intended use of a particular file, by means of which the user uses the Primotly website – these are usually: website address, date of publishing, lifetime of a cookie, unique number, and additional information corresponding to the intended use of a particular file.
   2. Primotly uses two types of Cookies: (a) session cookies, which are permanently deleted upon closing the session of user’s browser; (b) permanent cookies, which remain on user’s device after closing the session until they are deleted.
   3. It is not possible to identify the user on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collection of any personal data.
   4. Cookies used by Primotly are safe for the user’s device, in particular they prevent viruses or other software from breaking into the device.
   5. Files generated directly by Primotly may not be read by other websites. Third-Party Cookies (i.e. Cookies provided by entities co-operating with Primotly) may be read by an external server.
   6. The user may individually change the Cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service.
   7. First of all, the user may disable storing Cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Primotly website.
   8. The user may also individually remove Cookies stored on his/her device at any time in accordance with the instructions of the browser producer.
   9. Primotly uses own Cookies for the following purposes: configuration of the website and adjustment of the page content to the preferences or conduct of the user; analysis and research of views, click number and path taken on the website to improve the appearance and organisation of content on the website, time spent and number and frequency of visits on the Primotly website.
   10. The table below states the purposes for which we use third-party Cookies:

   Tool:	Purpose of storing:
   Google Analytics	Cookies are used for collecting information on the manner in which visitors use the website. Such information is used for analyzing aggregated data and improving the website on this basis
   Google Ads Conversion Tracking	a tool that uses Cookies to collect information about visitors and their actions after interacting with the website
   Facebook Pixel	a tool uses Cookies to collect information about visitors and allows them to display personalized advertisements based on their previous visits to the website and other websites on the Internet
   Linkedin Insight Tags	a tool uses Cookies to collect information about visitors and allows them to be displayed based on their previous visits to the website and other websites on the Internet
   Hot Jar	a tool uses Cookies to process information including standard internet log information and details of the visitor’s behavioral patterns upon visiting the website
   Matomo	a tool uses Cookies to collect information about visitors and allows them to be displayed based on their previous visits to the website and other websites on the Internet

   11. Details concerning Cookie support are available in the settings of the browser used by the data subject.
       
8. FINAL PROVISIONS
1. This Privacy Policy comes into effect on 1 March 2022.