Szanowni Państwo. Informujemy, że w dniu 19 i 20 maja w związku ze zmianą siedziby firmy biuro na ul. H. Dąbrowskiego 24 będzie nieczynne.
Przepraszamy za utrudnienia z tym związane.

Privacy Policy

I. BASIS

I.1. This document is a description of the privacy policy of DATACOMP IT Sp. z o.o. with its registered office in Kraków at ul. Gen. H. Dąbrowskiego 24 (30-532), entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under no. 0000936569, share capital PLN 30.000,00 – paid up in full; NIP 6793228148, e-mail address: datacomp@datacomp.com.pl

The purpose of this document is to determine the principles and manner of processing and using data and information originating from the users of websites administered by Datacomp IT Sp. z o.o., including the customers of Datacomp IT Sp. z o.o. The document also contains information about the rights of natural persons in relation to personal data provided by them.

I.2. In its privacy policy, Datacomp IT Sp. z o.o. is guided by the overarching principle:
in no event does it sell or share personal data or contact details of its customers / users of its websites, services, bulletins or applications to or with third parties.

I.3. Please familiarise yourself with the content of this policy. By visiting or using the websites of DATACOMP Sp. z o.o. or by sending us any personal data, the user accepts the terms and conditions of this privacy policy.

I.4. Please note that when leaving our websites (for example, by going to a page in another domain using a link), the user goes to an area where this privacy policy does not apply.
Datacomp IT Sp. z o.o. is not responsible for the privacy policies applicable on websites operated by other entities.

I.5. Datacomp IT Sp. z o.o. has appointed a Data Protection Officer (DPO), who can be contacted by e-mail under the address: iod@datacomp.com.pl in any matter related to the processing of personal data.

II. DEFINITIONS

Controller: Datacomp IT Sp. z o.o. with its registered office in Kraków, ul. Gen. H. Dąbrowskiego 24 (30-532).

User: A natural or legal person or an organisational entity without legal personality visiting the Website or using the services of the Website.

Consumer: A user who is a natural person and makes a purchase in the Store which is not directly related to their professional or business activity.

Website: Webpages and Websites operated by the Controller on stationary and mobile terminal devices through which the Controller provides the Users with content as well as digital or electronic files, and provides other services specified each time in the Website Regulations.

Store: A separate part of the Website through which the Controller conducts Sales of Files on the terms and conditions specified each time in the Store Regulations.

File: An electronic or digital file with a content (in particular: application, electronic library, plugin, e-book, audiobook, e-press, multimedia application) intended for use, reading, listening or other reproduction (as described in the Store) using an Electronic Device.

Electronic Device: A device intended for such purposes as downloading or saving digital files (e.g. personal computer, smartphone, tablet, e-reader).

Sale of a File: provision of a File by the Controller, against payment, at the User’s order executed through the Store, allowing for the use of the File without time limitations, using exclusively Electronic Devices – on the terms and conditions specified each time in the Store Regulations.

Additional Services: Services provided by the Controller for the Users registered on the Website (i.e. those who have an Account).

Account: Individual site of the User registered on the Website through which the registered User can use Additional Services – on the terms and conditions specified each time in the Website Regulations.

Payment Operator: payment institutions within the meaning of Article 2 section 10A) of the Act of 19 August 2011 on payment services (consolidated text Journal of Laws 2017, item 2003) cooperating with the Website.

Order Payment: crediting of the User’s bank account or payment card with the amount specified in the order, confirmed by the Payment Operator.

GDPR: Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

III. PROCESSING AND PROTECTION OF PERSONAL DATA

 
III.1. Collecting and processing of data in connection with the use of the Website

III.1.1. In connection with the use of the Website by the User, the Controller collects data within the scope necessary for the provision of particular services offered on the Website, as well as the information about the User’s activity on the Website.

When collecting any personal data, the Controller records their source.

III.1.2. Personal data are sourced directly from the User through:

  • online forms – information is collected through forms available on the Controller’s websites and intended for communication, sending queries, submitting applications and making comments;
  • contact outside of the website – on the Controller’s websites there are telephone and fax numbers as well as e-mail addresses which can be used to contact the Controller;
  • telephone contact – conversations with the Controller’s representatives at the numbers indicated on the Controller’s websites may be recorded. In such a case, the User will be each time informed thereof;
  • data on network traffic and statistics concerning the frequency of visits on the Controller’s websites – the Controller keeps the record of information about the traffic data which are automatically registered by our server, such as the user’s IP address, URL visited before the visit on our website, URL visited after the visit on our website, as well as the websites visited. Statistics on the number of visits and views of the website are also collected. The Controller is unable to directly identify the user’s identity based on traffic data and statistics concerning the use of the website.
  • when using the resources of websites administered by the Controller – information about the users is collected through files such as “cookies”.

III.1.3. Below, we present detailed rules and purposes of the processing of personal data collected during the use of the Website by the User.

III.2. Purposes and legal basis for the processing of data on the Website

III.2.1. Use of the Website

Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or related technologies) and not being registered Users (i.e. persons who do not have an Account) are processed by the Controller:

  • for the purpose of provision of services by electronic means in terms of presentation and sales of Files in the Store and maintaining the content posted on the Website by the Users (e.g. posts, comments) – in such a case, the legal basis for the processing is its being necessary for the performance of the contract (Article 6 paragraph 1 point (b) of the GDPR);
  • for analytical and statistical purposes – in such a case, the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the analysis of the Users’ activity and preferences in order to improve the functionalities used and the services provided;
  • for the purpose of possible investigation, inquiry or defence against claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the protection of the Controller’s rights;
  • for the marketing purposes of the Controller and other entities, in particular for the purposes related to the presentation of behavioural advertising – the principles of the processing of personal data for marketing purposes are described in section III.2.5. Marketing.

The User’s activities on the Website, including the User’s personal data, are registered in system logs (special computer programme used for storing a chronological record containing information about events and activities concerning the IT system used to provide services by the Controller). The information collected in the logs is mainly processed for the purposes related to the provision of services. These data are processed by the Controller also for technical and administrative purposes, for the purpose of managing and ensuring the security of the IT system, as well as for analytical and statistical purposes – in this respect, the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR).

III.2.2. Registration on the Website

Persons who register on the Website are requested to manually provide the data necessary for the creation and maintenance of their account, or to provide such data using their profile on the social networking site facebook.com. The provision of data in the form of an e-mail address is mandatory, i.e. the failure to provide such data results in the inability to create an account.

Personal data are processed:

  • for the purpose of provision of services related to the maintenance and operation of an account on the Website – the legal basis for the processing is its being necessary for the performance of the contract (Article 6 paragraph 1 point (b) of the GDPR), and in terms of voluntarily provided data – the legal basis for the processing is the consent (Article 6 paragraph 1 point (a) of the GDPR);
  • for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the analysis of the Users’ activity on the Website, their use of the account, as well as their preferences, in order to improve the functionalities used;
  • for the purpose of possible investigation, inquiry or defence against claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the protection of the Controller’s rights;
  • for the marketing purposes of the Controller and other entities – the principles of the processing of personal data for marketing purposes are described in section III.2.5. Marketing.

In the case of registration or logging in to the Account on the Website via Facebook, the User will select this form of logging in, and the Website, after prior consent of the User, will download from the User’s social network account only those data which are necessary for the registration and operation of the account.
If the User posts on the Website any personal data of other persons (including their first name and surname, address, phone number or e-mail address), it is allowed only as long as it does not infringe the applicable provisions of the law or personal rights of these persons.

III.2.3. Making orders (using paid services on the Website)

Sale of a File to the User involves the processing of the User’s personal data.

Making an order requires having an Account on the Website or provision of an e-mail address in the purchasing process. The provision of contact details is necessary for the issuance and service of an invoice.

Personal data are processed:

  • for the purpose of order execution – the legal basis for the processing is its being necessary for the performance of the contract (Article 6 paragraph 1 point (b) of the GDPR); in terms of voluntarily provided data, the legal basis for the processing is the consent (Article 6 paragraph 1 point (a) of the GDPR);
  • for the purpose of fulfilment of statutory obligations incumbent on the Controller, resulting in particular from tax and accounting regulations – the legal basis for the processing is the legal obligation (Article 6 paragraph 1 point (c) of the GDPR);
  • for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the analysis of the Users’ activity on the Website, as well as their purchasing preferences, in order to improve the functionalities used;
  • for the purpose of possible investigation, inquiry or defence against claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the protection of the Controller’s rights.

III.2.4. Contact forms

The Controller can be contacted through electronic contact forms. Using the form requires the provision of personal data necessary to contact the User and answer their query. The failure to provide such data results in the lack of possibility of service.

Personal data are processed:

  • for the purpose of identification of the sender and handling their query sent through the provided form – the legal basis for the processing is its being necessary for the performance of the service contract (Article 6 paragraph 1 point (b) of the GDPR);
  • for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in maintaining statistics of queries sent by the Users via the Website, in order to improve its functionalities.

III.2.5. Marketing

The Controller processes the Users’ personal data in order to perform marketing activities which may consist in:

  • displaying marketing content to the User without matching their preferences (including contextual advertising);
  • displaying marketing content to the User which is matched to their preferences (behavioural advertising);
  • sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);
  • performing other activities related to direct marketing of goods and services (sending commercial information by electronic means).

For the purpose of marketing activities, the Controller may in some cases use profiling. It means that thanks to the automatic processing of data, the Controller evaluates shopping preferences in order to optimise the future offer.

III.2.6. Advertising

The Controller processes the Users’ personal data for marketing purposes related to targeting advertising to the Users, including contextual advertising (i.e. advertising which is not matched to the User’s preferences).

The processing of personal data for this purpose is related to the fulfilment of the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR).

III.2.7. Behavioural advertising

The Controller processes the Users’ personal data, including personal data collected through cookies and related technologies for marketing purposes, in connection with targeting behavioural advertising to the Users (i.e. advertising which is matched to the User’s preferences).

The processing of personal data for this purpose may also include profiling of the Users.

III.2.8. Newsletter

The Controller provides the newsletter service to those persons who have provided their e-mail address. The provision of data is required for the provision of the newsletter service, and the failure to provide such data or sending a request for deletion of such data results in the inability to receive the newsletter.

Personal data are processed:

  • for the purpose of the newsletter service – the legal basis for the processing is its being necessary for the performance of the contract (Article 6 paragraph 1 point (b) of the GDPR);
  • in the case of sending marketing content to the User as part of the newsletter – the legal basis for the processing, including profiling, is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR) in connection with the consent for the receipt of the newsletter;
  • for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the analysis of the Users’ activity on the Website in order to improve the functionalities used;
  • for the purpose of possible investigation, inquiry or defence against claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR).

III.2.9. Direct marketing

The User’s personal data may be also used by the Controller for the purpose of sending marketing content to the User via e-mail. Such activities are performed by the Controller only in the event when the User has expressed their consent in this respect, which may be withdrawn by the User at any time.

III.2.10. Social networking sites

III.2.10.1. The Controller processes personal data of the Users visiting the profile Datacomp maintained on Facebook. Such data are processed only in connection with the maintenance of the profile, also for the purpose of informing the Users about the Controller’s activity, promoting the Websites and responding to short queries sent via Facebook messenger.

The legal basis for the processing of personal data by the Controller for this purpose is the Controller’s legitimate interest (Article 6 paragraph 1 point (f) of the GDPR), consisting in the promotion of the Controller’s own brand, and the necessity of the processing for the fulfilment of the obligation (Article 6 paragraph 1 point (b) of the GDPR) within the scope in which the queries sent via Facebook messenger pertain to complaints.

III.2.10.2. Personal data provided by the User on websites owned by the Controller while sending comments pertaining to articles, responding on the forum, etc. are available for all persons visiting the websites containing such data. The Controller has no technical means of protecting the User from individuals or companies that may use such data to send the User unidentifiable content.

Hence, such data are not subject to the Privacy Policy.

In such an event, the User must be aware that their personal data are provided at their own risk and responsibility.

III.2.11. Cookies and related technologies

Cookies are small text files installed on the device of the User viewing the Website. Cookies usually contain the domain name of the website they come from, the time they are stored on the terminal device, and a unique number. In this Policy, the information pertaining to cookies is applicable also to related technologies used within the Website.

Disabling the use of cookies may make it difficult to use certain services as part of our Websites, in particular those that require logging in.

Disabling the option of accepting cookies does not result in the inability to read or view the content posted on the Controller’s websites, except for those that require logging in.

III.2.11.1. Website cookies

The Controller uses so-called website cookies mainly for the purpose of provision of services to the User by electronic means and for the purpose of improving the quality of these services.

Therefore, the Controller and other entities providing analytical and statistical services for the Controller use cookies by storing information or gaining access to the information already stored in the User’s telecommunications terminal device (computer, phone, tablet, etc.).

Cookies used for this purpose include:

  • cookies with data entered by the User (session identifier) for the duration of the session (user input cookies);
  • authentication cookies used for services that require authentication for the duration of the session;
  • cookies used to ensure security, e.g. cookies used to detect abuse in terms of authentication (user centric security cookies);
  • multimedia player session cookies (e.g. flash player cookies), for the duration of the session;
  • permanent cookies used to personalise the User’s interface, for the duration of the session or a bit longer (user interface customisation cookies);
  • cookies used to monitor the traffic on the website, i.e. data analytics, including cookies:

* Google Analytics (files used by Google – i.e. an entity entrusted by the Controller with the processing of personal data in order to analyse the use of the Website by the User, also in order to generate statistics and reports pertaining to the functioning of the Website).

III.2.11.2. Marketing cookies

The Controller uses cookies also for marketing purposes, including in connection with targeting behavioural advertising to the Users. For this purpose, the Controller stores information and gains access to the information already stored in the User’s telecommunications terminal device (computer, phone, tablet, etc.).

The use of cookies and personal data collected through cookies for marketing purposes, in particular in terms of promoting services and goods of third parties, requires the User’s consent.

This consent may be withdrawn at any time.

III.3. Period of personal data processing

III.3.1. The period of processing of data by the Controller is contingent upon the following factors:

  • time of completion of the contract, and after that time – for other legitimate purposes related to the contract. In the absence of a contract – until the completion of the service provision;
  • time of fulfilment of the Controller’s obligations set out in individual provisions of the law or time of completion of tasks performed in the public interest;
  • objection to the processing or time of expiration of the contracts with the Controller;
  • withdrawal of the consents given;
  • time of fulfilment of the Controller’s legitimate interests constituting the basis for the processing, or lodging an appeal against such processing, no longer than for the period of five years;
  • period of maintenance of the User’s Account.

III.3.2. All data are processed during actions taken prior to the conclusion of the contract, during the performance of the contract and during the fulfilment of the legal obligation incumbent on the Controller, based on the Controller’s legitimate interest, validity of consents and existence of the account, and are immediately deleted or irreversibly anonymised after the expiry of the processing period or after objecting to the processing.

Anonymisation leads to irreversible failure to identify a given person. All data that could enable identification are blacked out, which allows for the creation of a set of data preventing the identification of a specific natural person. Identifiers – information such as surnames, first names, addresses, dates of birth, PESEL and NIP numbers – are removed from the document. Documents which have been anonymised are not subject to the law on personal data processing and may be made available to applicants or made public without the consent of the data subjects.

The aim of anonymisation is to prevent the use of personal or sensitive data to identify a natural person with “any possible means that can be used” by the data controller or a third party.

Furthermore, data are deleted or irreversibly anonymised upon the effective objection to data processing in the event when the legal basis for the processing of data is the Controller’s legitimate interest.

III.3.3. Not all data may be anonymised immediately upon the request for deletion of personal data. By anonymising documents, the Controller verifies if the statutory period of their retention has expired; in the case of tax documents – it is five years, calculated from the end of the calendar year in which the tax payment deadline expires.

III.4. The period of data processing may be extended

if the processing is necessary for the purpose of investigation, inquiry or defence against possible claims, as well as at the request of competent public authorities, and after this period – only in the case and to the extent required by the law. After the expiry of the period of processing, the data are irreversibly deleted or anonymised.

III.5. User’s rights

III.5.1. The Controller respects the rights of each User in terms of the processing of their personal data. In particular, each person whose data are being processed has the following rights:

  • the right to obtain information about the processing of their personal data,
  • the right to access their personal data and to request their rectification, completion or amendment,
  • the right to have their data erased (“the right to be forgotten”),
  • the right to the limitation of the processing of their data,
  • the right to transfer their data,
  • the right to object to the processing of their data for the Controller’s legitimate purposes, also for the purpose of direct marketing of the Controller’s products and services, as well as profiling,
  • the right to lodge a complaint with a supervisory body dealing with the protection of personal data.

 III.5.2. To the extent that the User’s data are processed on the basis of a consent, such a consent may be withdrawn at any time by contacting the Controller via the communication channels indicated in the Website Regulations or the Store Regulations.

 III.5.3. The Controller stipulates that in the event when the User cannot be definitely identified (for example due to the scope of data provided by the User), the Controller may refuse to take action at the request of the User whom the data concern, at the same time notifying the User thereof, unless the User provides additional information allowing for their identification.

 III.5.4. If the User objects to further processing of their personal data for marketing purposes, profiling or transfer to another data controller, the objection is taken into account. However, the Controller may retain data identifying a natural personal in a data set only in order to prevent the data of such a person from being re-used for the purposes covered by the objection.

III.5.5. If personal data are processed based on the consent of the data subject or based on a contract concluded, and the processing takes place in an automated manner, the User has the right to receive, at their request, their personal data in a structured, commonly used machine-readable format, as well as to apply for the transfer of their data in such a format to the indicated data controller. The data subject submitting the application for the transfer of personal data must specify whether their personal data should be at the same time erased (“the right to be forgotten”) by the Controller and must submit the relevant application in this respect.

III.5.6. The User may use the right to information and access to their data not more often than once every 6 (six) months. At the request of the data subject, the Controller is obliged to provide necessary information within 30 (thirty) days.

More frequent use of the right to information and access to data will be subject to fees in the amount of PLN 50 (fifty), paid to the bank account in BNP Paribas Bank Polska SA, nr: 06 1600 1462 1803 4572 1000 0001, each time before the execution of the submitted request by the Controller. This fee constitutes legitimate costs incurred by the Controller in connection with the exercise of the right to access and is legally permissible.

III.6. The right to object

The User has the right to object, at any time, to the processing of their data for the purposes of direct marketing, including profiling, as well as the right not to be subject to a decision made solely on the basis of automated processing, if the processing is performed in connection with the Controller’s legitimate interest.

Furthermore, the User has the right to object, at any time, to the processing of their data for reasons related to the User’s particular situation in the event when the legal basis for data processing is the Controller’s legitimate interest (e.g. in connection with analytical and statistical purposes, including profiling).

III.7. Data recipients

III.7.1. The Controller declares that it does not sell, share or transfer the Users’ personal data collected for the processing to or with other persons or institutions, unless it is done with the express permission of the User or at the User’s request, or at the request of legally authorised state authorities for the purposes of proceedings conducted by them or for the purposes of their actions related to security or defence, for legally defined tasks performed for the public benefit, or when it is necessary for the fulfilment of legally justified goals of the Controller.

III.7.2. In connection with the provision of services, personal data will be disclosed to external entities, in particular to suppliers responsible for the operation of IT systems used for the provision of services, to entities such as banks and payment operators, research companies, entities providing accounting or analytical services, couriers (in connection with order execution), marketing agencies (in terms of marketing services) and entities related to the Controller.

With the User’s consent, personal data may also be disclosed to other entities for their own purposes, including marketing purposes.

III.7.3. The Controller reserves the right to disclose certain information related to the User to the relevant authorities or third parties that submit a request to provide such information based on the relevant legal basis and in accordance with the applicable provisions of the law.

III.7.4. In particular, the following entities may be data recipients:

  • OVH Sp. z o.o. with its registered office in Wrocław (54-402), ul. Szkocka 5 lok. 1;
  • Netia SA with its registered office at ul. Poleczki 13, 02-822 Warsaw;
  • Poczta Polska Spółka Akcyjna with its registered office in Warsaw (00-940), ul. Rodziny Hiszpańskich 8;
  • United Parcel Service, Inc., UPS Europe SA with its registered office at Ave Ariane 5, Brussels, B-1200;
  • Raiffeisen Bank Polska Spółka Akcyjna with its registered office in Warsaw (00-844) at ul. Grzybowska 78;
  • ING Bank Śląski SA with its registered office in Katowice at ul. Sokolska 34;
  • PayU S.A. with its registered office in Poznań (60-166) at ul. Grunwaldzka 182;
  • PayPal (Europe) S.à r.l. & Cie, S.C.A with its registered office in L-1150 Luxembourg;
  • Europejski Fundusz Leasingowy S A with its registered office in Wrocław (53-605) at Pl. Orląt Lwowskich 1;
  • GRENKELEASING Sp. z o.o. with its registered office in Poznań (61-131) at ul. abpa A. Baraniaka 88.
III.8. Transfer of data outside of the European Economic Area

The level of personal data protection outside of the European Economic Area (EEA) differs from that ensured by the European law.

Therefore, the Controller transfers personal data outside of the EEA only when it is absolutely necessary, always ensuring the appropriate level of protection, in particular through:

  • cooperation with entities processing data in the countries in relation to which the relevant decision of the European Commission has been issued;
  • application of standard contract clauses published by the European Commission;
  • application of corporate principles approved by the appropriate supervisory body;
  • in the event of transfer of data to the USA – cooperation with entities participating in the Privacy Shield programme, approved by the European Commission.

The Controller always informs about its intention to transfer personal data outside of the EEA already at the stage of their collection.

III.9. Security of personal data

III.9.1. The Controller ensures the security of personal data by using appropriate technical and organisational measures intended to prevent unlawful processing of data as well as their accidental loss, destruction or damage.

III.9.2. The Controller takes the utmost care to ensure that personal data are processed in accordance with the principles of personal data processing specified in Article 5 of the GDPR, i.e.:

  • principle 1 – lawfully, fairly and in a transparent manner;
  • principle 2 – collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • principle 3 – adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • principle 4 – accurate and, where necessary, kept up to date;
  • principle 5 – kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • principle 6 – processed in a manner that ensures appropriate security of the personal data;
  • principle 7 – processed in a manner that ensures the exercise of the rights of data subjects;
  • principle 8 – not transferred to countries outside of the European Economic Area or to international organisations without proper protection. 

III.9.3. The Controller conducts risk analysis on an ongoing basis to ensure that personal data are processed in a secure manner, ensuring, above all, that only authorised persons have access to the data and only to the extent to which it is necessary for the performance of their tasks.

III.9.4. The Controller makes sure that all operations on personal data are registered and performed only by authorised employees and collaborators having appropriate, personal authorisations of the Controller. 

III.9.5. The Controller takes all necessary actions in order to ensure that its subcontractors and other cooperating entities guarantee the application of relevant security measures whenever they process personal data at the request of the Controller.

IV. FINAL PROVISIONS

IV.1. This Privacy Policy is available on the Website and in the Controller’s registered office.

The document of the Privacy Policy, at the User’s request sent by e-mail to the address: iod@datacomp.com.pl, will be provided to the User in an electronic form, free of charge, to the e-mail address indicated by the User.

IV.2. This Privacy Policy may be amended by the Controller.

The Controller will notify the registered Users about the planned amendment of the Privacy Policy in terms of provision of Additional Services, 14 days in advance.
The User may refuse to accept the amendment within 14 days from the date of receipt of the notification about the amendment by sending an e-mail to the address biuro@datacomp.com.pl
In such an event, the User’s Account will be deleted on the date the amendment becomes effective.
The purchases made in the Store before the amendment becomes effective are subject to the provisions applicable up to date.
Each User is bound by the current Privacy Policy.

IV.3. The Privacy Policy does not concern websites and companies whose contact details are provided on websites and application / software descriptions owned by the Controller.

IV.4. If you do not consent to the above Privacy Policy, please do not visit out websites, do not order our bulletins owned by the Controller and do not purchase products or services offered by the Controller.

IV.5. The Privacy Policy with the wording considering Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) is applicable as of 25 May 2018.

Previously existing additional services subject to removal from the Website pursuant to the Privacy Policy with the new wording (such as: user’s profile, public account, private account and mailbox) will be active until 24 May 2018, 11:59 pm.

The removal of these services is related to the deletion of the Users’ personal data connected with these services by the Controller.