image
[ EN | PL]

EFFECTIVE AS OF January 2nd, 2022.

SpotOn Poland PRIVACY AND COOKIES POLICY.

The Privacy and Cookies Policy (the "Policy") is for informational purposes only, which means that it does not create any obligations for visitors to the https://pl.spoton.com website (the "Website").

If you have any questions about the processing of your personal data, you can direct them to the following email address: poland-rodo@spoton.com.

I. POLICY PROVISIONS

The purpose of the Policy is:

  • a) to present the rules of processing of personal data by the Controller within the Website, and through its provision to provide data subjects with the necessary information on the processing of their personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR");
  • b) to explain your rights in relation to the personal data processed by the Controller and the way in which they are protected;
  • c) to provide information on the cookies used within Website and the rules of their acceptance.

II. GENERAL INFORMATION

  1. The Controller of your personal data is

    SPOTON POLAND spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków (Aleja 29 Listopada 20, 31-401 Kraków), entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number 0000807479, NIP 6762572293, REGON 384561488, email address: poland-rodo@spoton.com, phone number: +48 739971460 (the charge as for a standard call - according to the price list of the relevant operator) (hereinafter: the "Controller");

  2. The Controller has appointed a Data Protection Officer - Izabella Nicek, whose task is to ensure the correctness of personal data processing. You can contact the Data Protection Officer by e-mail: poland-rodo@spoton.com.
  3. The Controller shall ensure that it takes special care to protect the interests of data subjects, and in particular declares that:
    • a) processes personal data lawfully, fairly and in a transparent manner for data subjects;
    • b) collects personal data for specified, explicit and legitimate purposes and does not process them further in a way incompatible with those purposes;
    • c) personal data are adequate, relevant and limited to what is necessary for the purposes for which they are processed;
    • d) personal data are correct and updated when necessary;
    • e) keeps personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed;
    • f) processes personal data in a manner which ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
  4. Providing your personal data is voluntary but necessary for the purposes indicated in point III below.

III. PURPOSE AND LEGAL BASIS OF PROCESSING

Your personal data may be processed for different purposes and on different legal bases depending on which functionalities within Service you use.

  1. USING WEBSITE As part of your visit to the Website and your activities on the Website, the Controller may process your personal data (including but not limited to the IP address of the device you are using) for the following purposes:
    • a) fulfilment of legal obligations to which the Controller is subject - legal basis: Article 6(1)(c) of GDPR - processing is necessary for compliance with a legal obligation to which the Controller is subject;
    • b) to enable use of the Website, to conduct marketing, analytical and statistical activities and to ensure security of the Website - legal basis: Article 6 (1)(f) GDPR - legitimate interest pursued by the Controller;
    • c) establishment, exercise or defence of possible claims - legal basis: Article 6(1)(f) GDPR - legitimate interest pursued by the Controller.
  2. RECRUITMENT PROCESS
    In connection with the Controller's recruitment processes, the Controller may process the personal data you provide (e.g. personal data provided in your CV), for the following purposes:
    • a) to the needs of future recruitment processes (in case you have given the relevant consent) - legal basis: article 6(1)(a) GDPR - consent;
    • b) to take steps at your request as a data subject before entering into a contract (in the case of employment based on a contract other than an employment contract) - legal basis: Article 6(1)(b) of the GDPR;
    • c) to consider the candidacy and to implement the recruitment process - legal basis: Article 6(1)(c) GDPR - necessity to fulfil a legal obligation to which the Controller is subject (in the case of personal data the provision of which is required by applicable law) or consent (in the case of personal data the provision of which is not required by applicable law) - legal basis: Article 6(1)(a) GDPR;
    • d) establishment, exercise or defence of possible claims - legal basis: Article 6(1)(f) GDPR - legitimate interest pursued by the Controller.
  3. CONTACT FORM
    The personal data you provide in connection with submitting an request via the contact form may be processed by the Controller for the following purposes:
    • a) fulfilment of legal obligations to which the Controller is subject - legal basis: Article 6(1)(c) of GDPR - processing is necessary for compliance with a legal obligation to which the Controller is subject;
    • b) handling your request and providing answers, conducting marketing, analytical and statistical activities - legal basis: Article 6(1)(f) GDPR - legitimate interests pursued by the Controller;
    • c) establishment, exercise or defence of possible claims - legal basis: Article 6(1)(f) GDPR - legitimate interest pursued by the Controller.
  4. PROCESSING PERIOD
    Your personal data may be processed for the following periods:
    • a) in connection with enabling the use of the Website and the need to ensure system security - for the duration of your use of the Website;
    • b) in connection with the conduct of the recruitment process by the Controller - for the period necessary for the conduct of the recruitment process, and in the case of candidates who have given their consent to the processing of their personal data for the purposes of future recruitment also for an appropriate period enabling them to participate in future recruitment, but no longer than 24 months from the submission of the application by the candidate;
    • c) in connection with submitting an enquiry via the contact form - for the period necessary to process your enquiry and provide a response;
    • d) in connection with marketing, analytical or statistical activities carried out as a part of access to the Website - for the period of the Controller's legitimate interest or until you raise an objection to such processing;
    • e) in connection with the establishment, exercise or defence of possible claims - for the period of their limitation specified by the applicable law;
    • f) in connection with the performance of legal obligations to which the Controller is subject - for the period necessary for their implementation in accordance with the binding provisions of law.

    If your personal data are processed on the basis of your consent, you may withdraw your consent at any time, which will not affect the lawfulness of the processing performed on the basis of your consent before its withdrawal.

    Depending on the scope of your personal data and the purposes for which they are processed, your personal data may be stored for different periods of time - in each case, the longer period for which your personal data is stored will determine.

  5. DATA RECIPIENTS
    1. The Controller may make your personal data available to third parties with whom it cooperates or will cooperate in connection with running the Website. These may be entities that technically assist the Controller in running the Website, e.g. providers of hosting or telecom services. Moreover, personal data may also be made available to entities that provide support in communication with clients, execution of marketing campaigns and conducting recruitment processes, as well as providers of legal, accounting and advisory services.
    2. The Controller endeavours to ensure that third parties to whom personal data is shared within the Website are required to apply appropriate measures to ensure the security and protection of your personal data. Your personal data may also be provided to other companies within the capital group to which the Controller belongs.
    3. Your personal data are generally processed within the European Economic Area ("EEA"). However, in the event that the Controller engages in cooperation with third parties with regard to the operation of the Website, your personal data may be transferred to a country outside the EEA where the entity cooperating with the Controller maintains personal data processing tools in cooperation with the Controller. In such a situation, the transfer of data will take place only to the extent necessary, connected with the provision of services by those entities to the Controller.
    4. In case of transfer of personal data to entities established outside the EEA, the Controller shall ensure that the requirements set out in Chapter 5 of the GDPR are applied, including the use of appropriate safeguards for the transfer in the form of standard data protection clauses adopted by the European Commission. You have the opportunity to obtain a copy of the safeguards for personal data transferred outside the EEA by contacting the Controller at: poland-rodo@spoton.com.
  6. RIGHTS OF DATA SUBJECTS
    In relation to the processing of your personal data, as a data subject, you have the right to:
    • a) access to your personal data (including e.g. to receive information on which personal data are processed)
    • b) erasure of personal data (e.g. if it has been processed unlawfully);
    • c) transfer personal data which have been provided to the Controller and which are processed by automated means and the processing is based on consent or the necessity to perform a contract, e.g. to another controller;
    • d) withdraw a consent (where the basis for the processing of personal data is consent) at any time, whereby withdrawal of consent does not affect the processing carried out by the Controller in accordance with the law prior to its withdrawal
    • e) object to the processing of personal data based on the necessity for purposes resulting from the legitimate interests pursued by the Controller or by a third party, including in particular to the processing for marketing purposes;
    • f) lodge a complaint to the President of the Personal Data Protection Office.
  7. COOKIES
    1. The Controller uses cookies (small text files, so-called cookies) or files with functionality similar to cookies, which are stored on your terminal device in connection with the use of the Website.
    2. Cookies are not harmful to you or your device. Restrictions on the use of cookies may affect certain functionalities available on the Website, enable or significantly impede the proper use of the Website.
    3. In many cases, your web browser will allow cookies to be stored on your device by default. At any time, you can delete cookies stored on your device or block their placement in the settings of your web browser. At the same time, please note that deleting or blocking the placement of certain cookies may restrict the use of certain functionalities available on the Website.
    4. As part of the use of the Website, you have the opportunity to select the scope of application of cookie technology, and then give the appropriate consent corresponding to the selected scope. Depending on the scope of application of the cookie technology you agree to, such cookies will be installed on your terminal device.
    5. Cookies collect various types of information which, in principle, do not constitute personal data (they do not allow you to be identified). However, some information, depending on its content and how it is used, may be associated with a specific person and thus be considered personal data. The provisions of this Policy regarding personal data apply accordingly to such information. To the extent that cookies contain your personal data, the basis for their processing is the legitimate interest of the Controller or a third party - Article 6(1)(f) GDPR.
    6. Detailed information on how to block / delete cookies is available in the "Help" section in the menu of your web browser. For example, in Internet Explorer, cookies can be modified from: Tools -> Internet Options -> Privacy; in Mozilla Firefox browser: Tools -> Options -> Privacy; and in the Google Chrome browser: Settings -> Show advanced settings -> Privacy -> Content settings -> Cookies. The access paths may differ depending on the browser version used.
    7. There are two main types of cookies used on the Service:
      • a) "session cookies” - which are temporary files that are stored in your terminal device until you leave the website or turn off the software (web browser); and
      • b) "persistent cookies" - which are stored on your terminal device for the time specified in the parameters of cookies or until you delete them.
    8. In addition to essential cookies (which the Controller uses to ensure the proper functioning of the Website and the safe use of the Website), the Controller may also use the following types of cookies within the Website:
      • a) analytical / functional cookies - cookies aimed at conducting analysis of the way the Website is used. Thanks to them the Controller may, among other things, determine the number of persons visiting the Website, as well as detect irregularities in its functioning and at the same time constantly improve it. These cookies also make it easier for you to use the Website (e.g. by storing information and settings provided by you);
      • b) marketing (advertising) cookies, which are used to present advertisements tailored to your interests, and may also be used to tailor the content and advertising presented to you by third parties with whom the Controller cooperates.
  8. FINAL PROVISIONS
    1. This version of the Policy is effective as of January 2nd, 2022.
    2. Due to the fact that the Website may present links to external websites that do not belong to the Controller and for which the Controller is not responsible, it is recommended to read the privacy policies of external websites belonging to other controllers.
    3. The Controller reserves the right to change the Policy - it can take place, among others, for the following important reasons:
      • a) changes in applicable regulations, in particular in the field of personal data protection, telecommunication law and electronically provided services affecting the rights and obligations of the Controller or the person visiting the Website;
      • b) development of functionalities or electronic services dictated by the progress of Internet technology, including the application / implementation of new technological or technical solutions, affecting the scope of the Policy;
    4. The Controller shall each time post information on changes to the Policy within the Website. Each time the Policy is changed, a new version of the Policy will appear with a new effective date.

Have an idea?

Tell us about it

Say hello to us chevron icon

© SpotOn Transact, Inc. 2020. All Rights Reserved. SpotOn Transact, Inc. is a registered ISO/MSP of Merrick Bank, South Jordan, UT.