Privacy Policy

 

This privacy policy (“Privacy Policy”) applies to the processing of personal data of all users of the web portal functioning at the address: https://dafi.info/en/. Additionally, it applies to users of “Moje Dafi” mobile application.

 

Clause 1. Definitions

  1. Controller – Formaster S.A. with its registered office in Kielce (25-818), ul. Fabryczna 24, entered to the Register of Entrepreneurs under the National Court Register (KRS) number: 0000080942, for which the registry files are kept by District Court in Kielce, Tax Identification No. (NIP): 9590122245, REGON statistical no.: 290670483.
  2. Personal data – means information on an identified or identifiable individual (“person concerned by data”); an identifiable individual is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name, identification number, location data, online identifier or one or several special factors specifying physical, physiological, genetic, mental, economic, cultural or social identity of an individual.
  3. GDPR ‒ the Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of directive 95/46/EC.
  4. Web Portal ‒ web portal dafi.info/en
  5. Application ‒ mobile application of the Controller named “Moje Dafi”.
  6. User – every individual visiting the Web Portal, using the Application or using one or more services or functionalities offered by the Controller, to whom in line with the commonly applicable laws services may be provided by electronic means or with whom an Agreement for Provision of Services by Electronic Means may be entered into.
  7. Device ‒ means electronic device with which User obtains access to websites of the Web Portal or to the Application.

Clause 2. General Provisions

  1. Out of concern for security of Personal Data entrusted to us, we worked out internal procedures and recommendations which are to prevent making Personal Data available to unauthorised persons. We control adherence to them and regularly check their compliance with relevant legal acts, i.e. with the GDPR, the Personal Data Protection Act of 10 May 2018, the Act on Provision of Services by Electronic Means of 18 July 2012, and any other commonly applicable laws.
  2. The Web Portal performs the functions of acquiring information on Users and their behaviours in the following way:
    1. by information voluntary provided by User, or
    2. by collecting cookies.
  1. Personal data provided by User in a relevant form filled in in relation to use of the Web Portal or the Application is processed exclusively for the purpose resulting from a function of a specific form, e.g. to carry out the process of handling of information contact, and is treated as confidential and is not visible to unauthorised persons.
  2. We use unique, permanent identifier of devices for diagnostic and statistical purposes ‒ tools monitoring applications (whether errors occur, and if yes, in what devices, etc.), we use Android Advertising ID (Android platform) and identifierForVendor (iOS platform).
  3. Personal data left in the Web Portal or in the Application will not be in any way made available to third parties, save for cases explicitly set out in the applicable laws.

Clause 3. Information on processing of personal data

  1. The controller of personal data of Users is Formaster S.A. with its registered office in Kielce (25-818), ul. Fabryczna 24, entered to the Register of Entrepreneurs under the National Court Register (KRS) number: 0000080942, for which the registry files are kept by District Court in Kielce, Tax Identification No. (NIP): 9590122245, REGON statistical no.: 290670483.
  2. Personal data is processed by the Controller for the following purposes:
    1. for the purpose necessary to conclude, work out the content, perform, amend or terminate any agreement entered into between the Controller and User, including in particular an agreement covering use of the Application or other agreement concerning services rendered to User by electronic means as part of the Web Portal (on the basis of Art. 6(1)(b) of the GDPR),
    2. for purposes necessary to comply with legal obligations imposed on the Controller, in particular arising out of the Act on Provision of Services by Electronic Means (Journal of Laws 2017.1219), tax laws and the accounting laws (on the basis of Art. 6(1)(c) of the GDPR),
    3. for purposes resulting from legally justified interests pursued by the Controller, in particular for:
      1. marketing of the Controller’s products and services in the term of an agreement entered into with User,
      2. conducting analyses of Users’ activity and preferences,
      3. pursuing and defending against any claims arising out of concluded agreements (on the basis of Art. 6(1)(f) of the GDPR),
    4. for the purpose consistent with a voluntary permission expressed by User to processing of User’s personal data, among others in case User subscribes to a newsletter, loyalty programmes, or expressing of permission to participate in marketing campaigns and competitions (precisely indicated in the regulations of a specific marketing campaign or competition).
  1. The Controller exercises due diligence to ensure User’s Personal Data is always correct in terms of its substance and adequate to purposes for which it is processed and stored in the form enabling identification of persons concerned by it, not longer than necessary for fulfilment of the purpose of the processing.
  2. Personal data will be stored by the Controller:

     

    1. in case of the processing of data for the purposes necessary for performance of agreements entered into with User for the term of these agreements, and after this period until the expiry of the period of limitation of any claims,
    2. in case of the processing of data for the purposes necessary for fulfilment of legal obligations imposed on the Controller ‒ for the period set out in the laws,
    3. in case of the processing of data for the purposes arising out of legally justified interests pursued by the Controller ‒ for the period necessary for fulfilment of these purposes,
    4. in case of the processing of data on the basis of User’s permission to process personal data ‒ until withdrawal of this permission.
  1. Every person concerned by the data (if we are its controller) has the following rights:
    1. the right to access his or her data,
    2. the right to correction of data,
    3. the right to deletion of data,
    4. the right to limitation of the processing of data,
    5. additionally, with regard to personal data processed for the purposes arising out of legally justified interests pursued by the Controller, he or she has the right to object to the processing of personal data,
    6. furthermore, with regard to personal data processed on the basis of a permission or for purposes necessary to perform an agreement or take actions at a request of the person concerned by the data, before entering into an agreement, he or she has the right to transfer data, including the right to receive data and send it to other controller or to request, in case of technical capabilities, to send this data directly to a different controller.
  1. A person whose personal data is processed has the right to submit a complaint to a supervising body which is President of the Data Protection Authority.
  2. Provision of personal data is voluntary, but necessary for entering into an agreement as part of the Web Portal or the Application.
  1. A person concerned by the data has at any time the right to withdraw a granted permission to process personal data, without prejudice to compliance with the law of the processing carried out on the basis of the permission before it was withdrawn. A permission is withdrawn by contact at the address: Formaster S.A. with its registered office in Kielce (25-818), ul. Fabryczna 24 or electronically at: iod@formaster.com.
  2. In all matters related to personal data protection you may contact the Controller at email address iod@formaster.com or in writing to the address of the Controller’s registered office.
  3. Contact with the Data Protection Officer designated by the Controller is possible by electronic means at email address: iod@formaster.com
  1. Recipients of personal data will be entities cooperating with the Controller within the scope of services rendered to the Controller and supporting on-going business processes of the Controller, in particular entities providing accounting services to the Controller, IT service providers, carriers and providers of other additional services related to the provision of services by the Controller as part of the Web Portal or the Application.
  2. We respect the right to privacy and care for data security. To this effect, a secure communication encryption protocol (SSL) is used, among others, and we introduced access control, thus mitigating the consequences of a possible breach of data security.
  3. Personal data is processed only by authorised persons and only within the scope necessary in view of the tasks carried out by them. The Controller cares that all Personal Data operations were recorded and made only by the authorised employees and co-workers.
  4. The Controller takes all necessary actions to ensure also its subcontractors and other cooperating entities gave the guarantee of application of proper means of security in every case they process Personal Data by the Controller’s order.
  5. The Controller processes Personal Data of Users visiting the Controller’s profiles managed in social media (Facebook, YouTube, Instagram). This data is processed exclusively in relation to management of the profile, including to inform Users about the Controller’s activity and promotion of various kinds of events, services and products. The legal grounds for the processing of personal data by the Controller for this purpose is its justified interest (Art. 6(1)(f) of the GDPR) consisting in promotion of own brand.
  1. The Controller will not transfer personal data to third countries or international organisations.

Clause 4. Cookies

  1. Web portal https://dafi.info/en/ uses cookies. “Cookies” are to be understood as IT data stored in end devices of users, intended for use of websites. In particular, they are text files containing name of the website from which they come, time of their storage on an end device and a unique number.
  2. The Web Portal does not automatically collect any information, with the exception of information contained in cookies.
  3. The Controller uses two types of cookies:
    1. Session cookies: they are stored on a User Device and remain there until the end of a session of a relevant web browser. Saved information is then permanently deleted from the memory of the Device. The mechanism of session cookies does not allow to collect any personal data or any confidential information from a User Device.
    2. Persistent cookies: they are stored on a User Device and remain there until they are deleted. Ending a session of a relevant web browser or turning off a Device does not result in their deletion from User Device. The mechanism of persistent cookies does not allow to collect any personal data or any confidential information from a User Device.
  4. Cookies are intended for using websites of the Web Portal. The Controller uses these files to:
    1. enable logging on and maintaining session of User on every successive website of the Web Portal,
    2. adjust the content of a website of the Web Portal to individual preferences of User, most of all these files identify User’s Device to display the website in line with User’s preferences,
    3. compile anonymous statistics (excluding the possibility of identification of User) helping understand how Users of the Web Portal use websites of the Web Portal which allows to improve their structure and content,
    4. save settings selected by User and to personalise User interface, e.g. with respect to a chosen language or region from which User comes, font size, appearance of the website, etc.,
    5. correct service of a partner programme, enabling in particular verification of sources of redirections of Users to websites of the Web Portal.
  5. Collected data is used for monitoring and checking how Users use our websites to improve the functioning of the Web Portal ensuring more effective and problem-free navigation. We monitor information on Users by using Google Analytics tool which records behaviour of Users on websites of the Web Portal.
  6. The following types of cookies are used as part of the Web Portal:
    1. strictly necessary cookies enabling use of services available as part of the Web Portal, e.g. authentication cookies used for services requiring authentication as part of the Web Portal,
    2. cookies used for ensuring security, e.g. used for detecting authentication abuse as part of the Web Portal,
    3. performance cookies enabling collecting information on the method of use of websites of the Web Portal,
    4. functional cookies enabling “saving” settings selected by User and personalisation of User interface, e.g. with respect to a chosen language or region from which User comes, font size, appearance of the website, etc.,
    5. advertising cookies enabling delivery to Users of advertising contents more adjusted to their interests.
  1. Cookies used by partners of the Controller of the Web Portal, in particular users of the website administered by partners of the Controller of the Web Portal are subject to their own privacy policy.
  2. Out of concern for security of Personal Data entrusted to us, we worked out internal procedures and recommendations which are to prevent making Personal Data available to unauthorised persons. We control adherence to them and regularly check their compliance with relevant legal acts ‒ the GDPR, the Personal Data Protection Act, the Act on Provision of Services by Electronic Means, and any other commonly applicable laws.
  3. Standard software used for browsing websites by default allows for putting cookies on User’s Device. These settings may be changed by User in such a way as to block automatic support of cookies in web browser settings or inform about every sending of cookies to a User Device.
  4. Users of the Web Portal may at any time change settings concerning cookies. Detailed information on the possibility and methods of support of cookies is available in software (web browser) settings).
  • Example options of editing in popular web browsers:
    1. Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
    2. Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
    3. Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
    4. Safari: https://support.apple.com/kb/PH19214?locale=en_US&viewlocale=en_US

 

  1. The Controller of the Web Portal informs that the limitations on use of cookies may affect certain functionalities available on websites of the Web Portal.

Clause 5. Final provisions

  1. The Controller reserves the right to introduce changes to the Privacy Policy in relation to development of Internet technology, possible amendment to the law concerning personal data protection or development of the Web Portal. We will inform Users about any changes in a clear and understandable way.
  2. Introduced changes come into force on the date of publication of the Privacy Policy as part of the Web Portal.