§1 General Provisions
- We hereby declare that we follow the personal data protection rules as well as all legal provisions which are provided for in the Data Protection Act as well as the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- The Data Subject has the right to contact us in order to obtain exhaustive information on the manner on which their respective personal data is used. We therefore always make sure to inform about the data we collect, the manner in which it is collected, used, the purpose that it serves and who it is transferred to, the method of protecting the data during transfer to other parties, and we also provide information on the institutions which can be reached in the case of any doubts.
- The owner (helphoo) applies adequate technical means, such as: physical protection means, IT and telecommunications infrastructure hardware means, software protection means as well as organisational measures ensuring adequate protection of the processed personal data, in particular protecting the personal data against disclosure to unauthorised third parties, breach by an authorised person and subsequent use for unknown purpose, as well as accidental or purposeful alteration, loss, damage or destruction or such data.
- In accordance with the rules set out in these Terms and Conditions and this document, we have exclusive access to the data. The access to the personal data may also be granted to other parties, which collect, process and store personal data in accordance with their respective Terms and Conditions, as well as to subjects, which are responsible for the performance of an order. The access to the personal data shall only be granted to the aforementioned entities in the necessary scope, required in order to carry out the services
- The personal data are processed only for the purposes which you have consented to by clicking on the appropriate fields of the form provided on the Website or in another express manner. The legal basis for the processing of your personal data is the consent for personal data processing or the requirement to render a service (for instance, registering and managing an account on the Website) pursuant to Article 6, item 1(a)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as “GDPR.”
§2 Privacy Rules
- We take privacy very seriously. We respect privacy and ensure the fullest possible convenience of using our services.
- We value the trust of our Users who entrust us with their personal data. We always use the data in an honest manner, ensuring not to violate the trust, only within the scope required to provide the services on the Website.
- The User has the right to receive clear and complete information on the manner in which their data is used, and the purpose for which the data is required for.
- In the event of doubts regarding our methods of using the User’s personal data, we take immediate action in order to provide explanation and provide clear and exhaustive responses to any questions.
- We take all necessary action in order to protect the User’s data against improper and uncontrolled use and to ensure comprehensive protection of the data.
- The Data Controller of your personal data is HELPHOO Sp. z o.o. with its registered office in Warsaw, 00-867, at Aleja Jana Pawła II 27Ave., NIP [Polish Tax Identification Number]: 5272927297, REGON [National Official Business Register]: 386050881, KRS [National Court Register Number]: 0000840189.
- Your personal data is processed pursuant to Article 6(1)(b) of the GDPR. Providing the personal data is not obligatory, however it is necessary to take appropriate action prior to the conclusion and the implementation of the agreement. We will transfer your personal data to other recipients, who were entrusted with personal data processing in our name and on our behalf. Your data will be transferred pursuant to Article 6, item 1(f) of the GDPR, where the legitimate interest consist in proper performance of contracts. In addition, we will provide your personal data to our commercial partners. We store the collected data within the European Economic Area (“EEG”), but it may also be transferred and processed outside of the EEA. Each personal data transfer operation is carried out in accordance with the applicable law. If the data is transferred outside of the EEA, we apply the general clauses as well as the privacy shield as protective measures in relation to the countries, where the European Commission did not discover the required data protection level.
- Your personal data related to the conclusion and implementation of the Agreements shall be processed for the duration of their implementation, as well as for the period which does not exceed the applicable legal regulations, including the regulations of the Civil Code and the Accounting Act, i.e. not longer than the period of 10 years, beginning its run after the end of the calendar year in which the last agreement has been performed.
- Your personal data shell be processed in order to conclude and perform the future agreements and shall be processed until you submit an objection.
- You have the right to: access your personal data and obtain a copy of your personal data subject to processing, rectify your incorrect data; request the deletion of your data (the right to be forgotten) in the event of the circumstances provided for in Article 17 of the GPDR; request the restriction of the processing of the data in cases provided for in Article 18 of the GDPR, raise an objection to the processing of your personal data in the event of the circumstances provided for in Article 21 of the GDPR, transfer the submitted data which is processed in an automated manner.
- If you believe that your personal data is processed in violation of the law, you have the right to lodge a complaint with the supervisory authority (Personal Data Protection Office, at Stawki 2 St. in Warsaw). If you require additional information regarding personal data protection, or if you wish to exercise your rights, please contact us in writing to the correspondence address.
- We strive to protect the data in our possession against unauthorised access, unauthorised modification, disclosure and destruction. What we do in particular:
a) we inspect the methods of collecting, storing and processing information, including physical security measures, in order to protect against unauthorised access to the system,
b) we grant access to the personal data only to the employees, counterparties and representatives who must access the data. In addition, in accordance with the agreement, they must maintain strict confidence and to allow us to carry out inspection in order to verify the manner in which they carry out their duties, and to draw consequences in the event if they violate their obligations.
- We shall observe all the applicable rules and regulations related to personal data protection and shall cooperate with the authorities responsible for data protection, as well as the authorised law enforcement authorities. In the event of a lack of regulations relating to personal data protection, we shall follow the commonly accepted personal data protection rules, principles of social interaction as well as the accepted customs.
- The detailed description of the manner of personal data protection is included in the Personal Data Protection Policy (PDP: Safety Policy, Personal Data Protection Terms and Conditions, IT System Management Manual). For safety purposes, considering the included procedures, it is available only for public inspection authorities.
- The user always has the right to inform us, or to opt out independently by selecting an adequate option in the account settings, if:
a) he/she does not wish to receive information or messages from us in any form;
b) he/she wishes to obtain a copy of his/her personal data stored by us;
c) he/she wishes to rectify, update or remove their personal data stored by us;
d) he/she wishes to communicate violations, improper use of processing of his/her personal data.
- In order to facilitate our answer or to allow us to address the provided information, please state your full name and further details.
§3 The Scope and Purpose of Personal Data Processing
- We process and store the necessary personal data for the following purposes:
a) to conclude an agreement, to process complaints and to terminate an agreement,
b) to monitor the traffic on our website;
c) to collect anonymous statistics, in order to discover the manner in which the users use our website;
d) to define the number of anonymous users of our website;
e) to manage the frequency with which the selected content is displayed, and how often the content is displayed;
f) to inspect how often users select a given service, or which service is used most often for contact;
g) to inspect newsletter subscriptions and contact options;
h) to use a system of personalised recommendations for e-commerce;
i) to utilise the tool for e-mail and phone contact;
j) to integrate with a social media website;
k) for direct marketing (ongoing and archiving purposes related to advertising campaigns)
l) to carry out the obligations imposed by legal regulations by collecting information on unwanted actions.
- We collect, process and store the following user data:
a) full name,
c) e-mail address,
d) phone number (contact, landline),
f) information on the used internet browser,
g) information on geographic location,
h) other personal data transferred voluntarily.
- The aforementioned data is provided by the User completely voluntarily, but it is also necessary for full implementation of the services.
- We store your personal data only for the duration for which they are necessary for maintaining appropriate quality of services; depending on the manner and purpose of obtaining the data, we store them for its duration and after it they are terminated for the following purposes:
a) the implementation of the obligations resulting from the binding legal provisions, including the tax and accounting laws;
b) to prevent abuse or crime;
c) for statistical and archiving purposes.
d) marketing activities - for the duration of the agreement, granting a separate consent for the processing of such data - until the conclusion of the activities related to the implementation of the service or until you object against such processing or until the consent is revoked.
e) promotional activities - i.e. contests, promotional campaigns - for the duration of such activities.
f) operational activities - for the limitation period of the obligations imposed by the GDPR and the relevant national regulations in order to show integrity in personal data processing.
g) raising any claims in relation to the executed contract.
- We consider that fact that a number of countries to which such personal data is transferred are not subject to the same level of personal data protection as the level applicable in the user’s home country. In accordance with the law applicable in another country, the user’s personal details stored in such country may be accessible by, for instance, courts, administrative bodies responsible for law enforcement and national security. Subject to the lawful requests for disclosure of the data, we undertake to demand the entities which process personal data outside of the user’s country to take action in order to protect the personal data in accordance with the regulations applicable by their national laws.
- Table outlining the purpose of the processing, the legal basis and the data storage
§4 Cookies Policy
- We perform automated collection of the data included in cookie files in order to store the User data. A Cookie file contains a small amount of text which is sent to the User's web browser. The information is later returned by the browser upon subsequent access to the website. These files are used primarily for maintaining the session, i.e. by generating and returning a temporary identifier after logging in. We use “session” Cookies, stored on the User's end device until the user logs out or until the browser is turned off, as well as “permanent” Cookies, stored on the User’s end device for a time specified in the Cookie files parameters or until they are deleted by the User.
- Cookie files adjust and optimise the website and its offer to the User’s requirements by actions such as creating statistics of visits to the website and by ensuring safety. Cookie files are also required to maintain the session after leaving the website.
- The Data Controller processes the data contained in the Cookie files each time the website is opened for the following purposes:
a) optimisation of the website use;
b) identification of the Service Recipients as logged-in users;
c) adjusting the graphics, selection options as well as any other contents of the website to the individual preferences of each Service Recipient;
d) storing the data from the Purchase Order Forms filled in automatically and manually or the login details provided by the visitor;
e) storage and analysis of anonymous statistics representing the manner in which the website is used, contained in the administration panel and Google Analytics;
f) creating remarketing lists based on the information on the preferences, behaviours, the manner in which the visitors use the Website and for collecting the data on demographics, and subsequent sharing of these lists with AdWords and AdSense, Facebook Ads;
g) for creating data segments based on the information on demographics, interests, preferences with regards to the displayed products/services;
h) using the demographics and interests data in Analytics report;
 Google AdSense cookies is used for displaying relevant advertisements. AdSense Cookies do not contain any personal information. If you wish to learn more about the Google AdSense cookies and the manner in which you can control it, please access https://policies.google.com/technologies/ads?hl=pl
- Due to the fact that it is necessary to prevent internet robots from executing certain actions on our commerce platforms, we use the Google reCAPTCHA to test if user behaviours do not display the characteristics of automated behaviours. In that circumstance, we may share your IP address with Google LLC.
At any time, the User can completely block and delete all Cookie files using his/her internet browser.
- In the event that the User prevents its device from storing Cookies, it may disrupt the use of certain functionalities of the website or render it completely impossible; the User is fully entitled to do so. However, in that situation, please be advised of the limitations.
- Cookie types used on the Portal and the Mobile Application
6.1 RECAPTCHA V3
6.2 GOOGLE ADWORDS
6.3 GOOGLE ANALYTICS
6.5 GOOGLE MAPS
6.6 OPEN STREET MAPS
- Each User who objects to the use of “Cookie” files for the aforementioned purpose has the right to manually remove the cookie at any time. Please visit the website of the developer of the website currently used by the User.
- More information on Cookie files is available from the help menu of each web browser. Examples of web browsers using the aforementioned “Cookie” files:
a) Explorer cookie files settings
b) Chrome cookie files settings
c) Cookie files settings Firefox
d) Opera cookie files settings
e) Safari cookie files settings
f) Cookie files in Android
g) Cookie files in Blackberry
h) Cookie files in iOS
i) Cookie files in Windows Phone
§5 Rights and Obligations
- We have the right and a statutory obligation in certain cases defined by the law to transmit the selected or all information regarding personal data to the public authorities or third parties who request such disclosure based on the applicable regulations of the Polish law.
- The user has the right to access his or her data, the right to rectify, supplement at any time and request the removal of such data from the databases or to stop the processing of such data without stating any reason. In order to exercise his or her rights, the User can send a message to the electronic mail address (firstname.lastname@example.org) or request to have his or her account deleted in the logged in user settings.
- The processing of personal data of natural persons being our clients is based on:
a) our legitimate interest as the Data Controller (i.e. within the scope of establishing a database, analytical and profiling activities, including the activities related to the product use analysis, direct marketing of our own products, securing documentation for the purposes of defending against claims or for the purpose of redress);
b) consent (in particular including the consent to marketing by e-mail or telemarketing);
c) the execution of the concluded agreement;
d) obligations resulting from the legal obligations (for instance the accounting laws).
- The processing of personal data of natural persons being our potential clients is based on:
a) The legitimate interest of the Data Controller (i.e. within the scope of creating a database, direct marketing of own products);
b) consent (in particular including the consent to marketing by e-mail or telemarketing)
- The User’s request to remove the data or to cease the processing may result in a complete lack of possibility to carry these services out or a severe restriction thereof.
- We pay particular attention to the issue of profiling and we indicate that:
a) in principle, for the purpose of profiling we process the data which had been subject to ssl encryption;
b) we use typical data for that purpose: e-mail address and IP or cookies;
c) we carry out profiling for the purpose of analysis or predicting the interests of the users of our Websites, products or services and to match the contents of our Websites or products to such preferences;
d) we profile for marketing purposes, i.e. to match the marketing offer to the aforementioned preferences.
- We undertake to follow the commonly applicable legal regulations and rules of social coexistence.
- Information on the out-of-court settlement of consumer disputes. Within the meaning of the Act of 23 September of 2016, the body authorised for out-of-court disputes is the Financial Ombudsman, which can be reached under the following address: www.rf.gov.pl.
§6 The basic safety principles
- Each user shall pay adequate attention to its own data security as well as the security of devices used for internet access. Such device must have anti-virus software, with an up-to-date, regularly updated database of virus definitions, types and classes and a safe version of the preferred web browser and an enabled firewall. The user should verify if the Operating System and the installed software have the newest and compatible updates, as the malware attacks often target bugs in the installed software.
- The login details used for internet services include - for instance: logins, passwords, PIN, electronic certificates, etc. - they must be stored at a place which is inaccessible to others and impossible to penetrate using internet access. They must not be disclosed or stored in the device in a manner which makes them impossible to access by unauthorised persons.
- We recommend remaining cautious when opening suspicious attachments or when clicking on links on unexpected e-mails, such as from unknown senders or those located in the spam folder.
- We recommend turning anti-phishing protection on in the web browser, i.e. tools which verify if the displayed website is authentic and if it was not established for phishing, i.e. for impersonating another person or institution.
- Files should only be downloaded from trusted places, services and websites. We do not recommend the installation of software from unverified sources, in particular from unknown developers with unverified opinions. These rules also apply to mobile devices, such as smartphones or tablets.
- Please set a safe and secure password for accessing Wi-Fi wireless network. it should not include any template or a string of characters that could be easy to guess (such as street name, the name of the host, date of birth, etc.). We recommend using the highest possible wireless Wi-Fi encryption standards which can be used on your equipment, i.e. WPA2.
§7 Using Social Media plugins
- Our websites may contain plugins of social media portals, such as facebook.com, YouTube, Twitter, LinkedIn and many others. The services connected with the plugins are provided by Facebook Inc., YouTube LLC and Twitter Inc.
- Facebook is managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook. Navigate here to see Facebook plugins: https://developers.facebook.com/docs/plugins
- Twitter is managed by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Navigate here to see Twitter plugins: https://dev.twitter.com/web/tweet-button
- YouTube is managed by Google LLC, 1600 Amphitheatre Parkway in Mountain View, California, United States. Navigate here to see YouTube: https://developers.google.com/youtube
- LinkedIn is managed by LinkedIn, Sunnyvale (HQ), CA, United States, 1000 W Maude Ave Navigate here to see LinkedIn plugins: https://developer.linkedin.com/plugins.
- The plugin transfers only the information regarding which of your pages you have accesses and the access time to its supplier. If the user is logged in to his/her account on, for instance, Facebook, YouTube, LinkedIn or Twitter while accessing our site, the supplier is able to connect the user’s interests, information preferences or other data, collected by pressing, for instance, the “Like” button, leaving a comment or by entering a profile name in the search bar. Such information is transferred by the browser directly to the supplier.
a) Data protection/privacy tips issued by Facebook: http://www.facebook.com/policy.php
b) Data protection/privacy tips issued by Twitter: https://twitter.com/privacy
c) Data protection/privacy tips issued by YouTube: https://policies.google.com/privacy?hl=pl&gl=pl
d) Data protection/privacy tips issued by LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
- In order to avoid storing the visit to our website on user’s Facebook, Twitter, YouTube or LinkedIn account, please log out from the account before browsing our sites.