§1 General Provisions
- The Data Controller for the personal data collected by the Portal/Application is HELPHOO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw (address of the headquarters and address for deliveries: 27 Aleja Jana Pawła II, 00-867 Warsaw); entered in the Register of Entrepreneurs of the National Court Register, file number [KRS] 0000840189; registration court holding the company’s documentation: District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register; share capital in the amount of: PLN 5,000; NIP [Tax Identification Number]: 5272927297; REGON [Tax Identification Number]: 386050881. E-mail address: email@example.com.
- We hereby declare that we follow the personal data protection rules as well as all legal provisions which are provided for in the Data Protection Act as well as the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- The Data Subject has the right to contact us in order to obtain exhaustive information on the manner on which their respective personal data is used. We therefore always make sure to inform about the data we collect, the manner in which it is collected, used, the purpose that it serves and who it is transferred to, the method of protecting the data during transfer to other parties, and we also provide information on the institutions which can be reached in the case of any doubts.
- The Owner (helphoo) applies adequate technical means, such as: physical protection means, IT and telecommunications infrastructure hardware means, software protection means as well as organisational measures ensuring adequate protection of the processed personal data, in particular protecting the personal data against disclosure to unauthorised third parties, breach by an authorised person and subsequent use for unknown purpose, as well as accidental or purposeful alteration, loss, damage or destruction or such data.
- In accordance with the rules set out in these Terms and Conditions and this document, we have exclusive access to the data. The access to the personal data may also be granted to other parties, which collect, process and store personal data in accordance with their respective Terms and Conditions, as well as to subjects, which are responsible for the performance of an order. The access to the personal data shall only be granted to the aforementioned entities in the necessary scope, required in order to carry out the services.
- The personal data are processed only for the purposes which you have consented to by clicking on the appropriate fields of the form provided on the Website or in another express manner. The legal basis for the processing of your personal data is the consent for personal data processing or the requirement to render a service (for instance, registering and managing an account on the Website) pursuant to Article 6, item 1(a)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as “GDPR.
§2 Privacy Rules
- We take privacy very seriously. We respect privacy and ensure the fullest possible convenience of using our services.
- We value the trust of our Users who entrust us with their personal data. We always use the data in an honest manner, ensuring not to violate the trust, only within the scope required to provide the services on the Website.
- The User has the right to receive clear and complete information on the manner in which their data is used, and the purpose for which the data is required for.
- In the event of doubts regarding our methods of using the User’s personal data, we take immediate action in order to provide explanation and provide clear and exhaustive responses to any questions.
- We take all necessary action in order to protect the User’s data against improper and uncontrolled use and to ensure comprehensive protection of the data.
- Provision of data is not mandatory, but it is necessary in order to use the functionalities of the Portal/Application to undertake relevant actions preceding the conclusion of the agreement for provision of electronic services and its execution.
- You have the right to: access your personal data and obtain a copy of your personal data subject to processing, rectify your incorrect data; request the deletion of your data (the right to be forgotten) in the event of the circumstances provided for in Article 17 of the GPDR; request the restriction of the processing of the data in cases provided for in Article 18 of the GDPR, raise an objection to the processing of your personal data in the event of the circumstances provided for in Article 21 of the GDPR, transfer the submitted data which is processed in an automated manner.
- If you believe that your personal data is processed in violation of the law, you have the right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office, at Stawki 2 St. in Warsaw). If you quire additional information regarding personal data protection, or if you wish to exercise your rights, please contact us in writing to the correspondence address or via e-mail to the following address: firstname.lastname@example.org.
- We strive to protect the data in our possession against unauthorised access, unauthorised modification, disclosure and destruction. In particular:
a. we inspect the methods of collecting, storing and processing information, including physical security measures, in order to protect against unauthorised access to the system;
b. we grant access to the personal data only to the employees, counterparties and representatives who must access the data. In addition, in accordance with the agreement, they must maintain strict confidence and to allow us to carry out inspection in order to verify the manner in which they carry out their duties, and to draw consequences in the event if they violate their obligations.
- We shall observe all the applicable rules and regulations related to personal data protection and shall cooperate with the authorities responsible for data protection, as well as the authorised law enforcement authorities. In the event of a lack of regulations relating to personal data protection, we shall follow the commonly accepted personal data protection rules, principles of social interaction as well as the accepted customs.
- The detailed description of the manner of personal data protection is included in the Personal Data Protection Policy (PDP: Safety Policy, Personal Data Protection Terms and Conditions, IT System Management Manual). For safety purposes, considering the included procedures, it is available only for public inspection authorities.
The user always has the right to inform us, or to opt out independently by selecting an adequate option in the account settings, if:
a. he/she does not wish to receive information or messages from us in any form;
b. he/she wishes to obtain a copy of his/her personal data stored by us;
c. he/she wishes to update or remove their personal data stored by us;
d. he/she wishes to communicate violations, improper use of processing of his/her personal data;
- In order to facilitate our answer or to allow us to address the provided information, please state your full name and further details.
§3 Purpose, Legal Basis and Duration of Personal Data Processing
- In each case, the purpose, basis and period and recipients of the personal data processed by the Data Controller result from the activities undertaken by the User concerned in the Portal/Application or by the Data Controller.
- The Data Controller may process personal data within the Portal/Application for the following purposes, on the grounds and for the periods indicated in the table below.
§4 Cookies Policy
- We perform automated collection of the data included in cookie files in order to store the User data. A Cookie file contains a small amount of text which is sent to the User's web browser. The information is later returned by the browser upon subsequent access to the website. These files are used primarily for maintaining the session, i.e. by generating and returning a temporary identifier after logging in.
- We use “session” Cookies, stored on the User's end device until the user logs out or until the browser is turned off, as well as “permanent” Cookies, stored on the User’s end device for a time specified in the Cookie files parameters or until they are deleted by the User.
- Cookie files adjust and optimise the website and its offer to the User’s requirements by actions such as creating statistics of visits to the website and by ensuring safety. Cookie files are also required to maintain the session after leaving the website.
The Data Controller processes the data contained in the Cookie files each time the website is opened for the following purposes:
a. to optimise the use of the website;
b. to identify users who are currently logged in;
c. to adapt graphics, selection options and all other website content to individual user preferences;
d. to store data filled in automatically and manually from Order Forms or login data provided by the visitor;
e. to collect and analyse anonymous statistics on website usage in the administration panel and google analytics;
f. creating remarketing lists on the basis of information about preferences, behaviour, manner of using the Site and gathering demographic data, and then making these lists available in AdWords and AdSense1, Facebook Advertisements;
g. creating data segments on the basis of demographic information, interests, preferences in the choice of products/services viewed;
h. using demographic and interest data in Analytics reports;
- Due to the fact that it is necessary to prevent internet robots from executing certain actions on our commerce platforms, we use the Google reCAPTCHA to test if user behaviours do not display the characteristics of automated behaviours. In this situation, we may disclose your IP address to Google Ireland Ltd.
At any time, the User can completely block and delete all Cookie files using his/her internet browser.
- In the event that the User prevents its device from storing Cookies, it may disrupt the use of certain functionalities of the website or render it completely impossible; the User is fully entitled to do so. However, in that situation, please be advised of the limitations.
- Cookie types used on the Portal and the Mobile Application. Google AdSense cookies is used for displaying relevant advertisements. AdSense Cookies do not contain any personal information. If you wish to learn more about the Google AdSense cookies and the manner in which you can control it, please access https://policies.google.com/technologies/ads?hl=pl
6.1 RECAPTCHA V3
6.2 GOOGLE ADWORDS
6.3 GOOGLE ANALYTICS
6.5 GOOGLE MAPS
6.6 OPEN STREET MAPS
7. Each User who objects to the use of “Cookie” files for the aforementioned purpose has the right to manually remove the cookie at any time.
Please visit the website of the developer of the website currently used by the User.
8. More information on Cookie files is available from the help menu of each web browser. Examples of web browsers using the aforementioned “Cookie” files:
a. Internet Explorer cookie settings
b. Chrome cookie settings
c. Firefox cookie settings
d. Opera cookie files settings
e. Safari cookie files settings
f. Cookies on Android
g. Cookies on Blackberry
h. Cookie files on iOS
i. Cookie files on Windows Phone
§5 Rights and Obligations
- The user has the right to access his or her data, the right to rectify, supplement at any time and request the removal of such data from the databases or to stop the processing of such data without stating any reason. In order to exercise his or her rights, the User can send a message to the electronic mail address (email@example.com) or request to have his or her account deleted in the logged in user settings.
- The processing of personal data of natural persons being our clients is based on:
a. legitimate interests as a data controller (e.g. for the creation of a database, analytical and profiling activities, including activities concerning the analysis of the use of products, direct marketing of own products, securing documentation for the defence against possible claims or for the assertion of claims);
b. Consent (including in particular consent to e-mail marketing or telemarketing);
- The processing of personal data of natural persons being our potential clients is based on:
a. the legitimate interest of the data controller (e.g. for the creation of a database, direct marketing of own products);
b. consent (including in particular consent to e-mail marketing or telemarketing)
- The User’s request to remove the data or to cease the processing may result in a complete lack of possibility to carry these services out or a severe restriction thereof.
- We pay particular attention to the issue of profiling and we indicate that:
a. For the purposes of profiling, we generally process data that has previously been subject to ssl encryption;
b. For this purpose, we use the following typical data: e-mail address and IP address or cookies;
c. We profile you in order to analyse or predict your personal preferences and interests when you use our Services or products or services, and to adapt the content of our Services or products to those preferences;
d. We profile you for marketing purposes, i.e. to adapt the marketing offer to your preferences.
§6 The basic safety principles
- Each user shall pay adequate attention to its own data security as well as the security of devices used for internet access. Such device must have anti-virus software, with an up-to-date, regularly updated database of virus definitions, types and classes and a safe version of the preferred web browser and an enabled firewall. The user should verify if the Operating System and the installed software have the newest and compatible updates, as the malware attacks often target bugs in the installed software.
- The login details used for internet services include - for instance: logins, passwords, PIN, electronic certificates, etc. - they must be stored at a place which is inaccessible to others and impossible to penetrate using internet access. They must not be disclosed or stored in the device in a manner which makes them impossible to access by unauthorised persons.
- We recommend to remain cautious when opening suspicious attachments or when clicking on links on unexpected e-mails, such as from unknown senders or those located in the spam folder.
- We recommend to turn anti-phishing protection on in the web browser, i.e. tools which verify if the displayed website is authentic and if it was not established for phishing, i.e. for impersonating another person or institution.
- Files should only be downloaded from trusted places, services and websites. We do not recommend the installation of software from unverified sources, in particular from unknown developers with unverified opinions. These rules also apply to mobile devices, such as smartphones or tablets.
- Please set a safe and secure password for accessing Wi-Fi wireless network. it should not include any template or a string of characters that could be easy to guess (such as street name, the name of the host, date of birth, etc.). We recommend to use the highest possible wireless Wi-Fi encryption standards which can be used on your equipment, i.e. WPA2.
§7 Using Social Media plugins
- Our websites may contain plugins of social media portals, such as facebook.com, YouTube, Twitter, LinkedIn and many others. The associated services are provided by Facebook Ireland Ltd, Google Ireland Ltd and Twitter International Company respectively.
- Facebook is operated by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Navigate here to see Facebook plugins: https://developers.facebook.com/docs/plugins
- Twitter is operated by Twitter International Company (One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland). Navigate here to see Twitter plugins: https://dev.twitter.com/web/tweet-button
- YouTube is operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Navigate here to see YouTube plugins:
- LinkedIn is operated by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). Navigate here to see LinkedIn plugins: https://developer.linkedin.com/plugins.
- The plugin transfers only the information regarding which of your pages you have accesses and the access time to its supplier. If the user is logged in to his/her account on, for instance, Facebook, YouTube, LinkedIn or Twitter while accessing our site, the supplier is able to connect the user’s interests, information preferences or other data, collected by pressing, for instance, the “Like” button, leaving a comment or by entering a profile name in the search bar. Such information is transferred by the browser directly to the supplier.
a. Facebook data protection/privacy advice: http://www.facebook.com/policy.php
b. Data protection/privacy advice issued by Twitter: https://twitter.com/privacy
c. Data protection/privacy tips issued by YouTube: https://policies.google.com/privacy?hl=pl&gl=pl
d. Data protection/privacy tips issued by LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
§8 Data Recipients
- For proper functioning of the Portal/Application, it is necessary for the Data Controller to use the services of external entities (such as software provider). The Data Controller shall only use such processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
- Users' personal data may be transferred to the following recipients or categories of recipients
a. opinion poll system provider - in the case of a User who agreed to express his or her opinion on the use of the Portal/Application, the Data Controller makes available the collected personal data of the User to a selected provider of opinion poll systems for the use of the Portal/Application commissioned by the Data Controller to the extent necessary for the User to express his or her opinion using the opinion poll system.
b. Controller makes available the collected personal data of the User to a selected provider of opinion poll systems for the use of the Portal/Application commissioned by the Data Controller to the extent necessary for the User to express his or her opinion using the opinion poll system.
d. providers of nested social plug-ins, scripts and other similar tools that enable the browser of the visitor to the Portal or the Application to retrieve content from the providers of said plug-ins (e.g. logging in with the login data of a social network) and to transmit the personal data of the visitor to these providers for this purpose.
e. entities searching for/providing services which are the subject of the Advertisement - (1) in the case of a User who has posted an Advertisement about searching for services, the Data Controller may make the collected personal data of the User available to the entity providing such services; (2) in the case of a User who has posted an Advertisement about providing services, the Data Controller may make the collected personal data of the User available to the entity searching for such services.