Administrator: “YIELDBIRD” spółka z ograniczoną odpowiedzialnością with its seat in Warsaw, at ul. Czerska 8/10, registered in the Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under the National Court Register No. 0000324436; share capital in the amount of PLN 47,550.00 (forty seven thousand five hundred fifty zloty); Tax ID No. [NIP]: 679 299 6939,
Personal data: any information on an identified or possible to be identified natural person by one or a few special aspects defining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including the IP No. of the device, data on the location, Internet identifier and information gathered via cookie files and another similar technology.
GDPR: the Regulation of the European Parliament and of the Council (EU) 2016/679 of 07 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website: the on-line website and mobile applications broadcast by the Administrator, which this Policy shall be applied to.
User: any natural person visiting the Website or using one or more services or functionalities rendered available at the Website.
DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the use of the Website by the User, the Administrator shall gather data in the scope necessary for rendering particular services offered at the Website as well as the information on the User’s activity at the Website. Detailed principles and objectives of processing of personal data gathered during the User’s use of the Website are described below.
OBJECTIVES AND LEGAL GROUNDS FOR DATA PROCESSING AT THE WEBSITE
Use of the Website
Personal data of all persons using the Website (including the IP address or other identifiers and information gathered via cookies files or other similar technologies) and not being the registered Users (i.e. persons who do not have an account or a profile at the Website) shall be processed by the Administrator:
- for the purpose of rendering electronic services in the scope of giving access to the content of the Website to the Users – the necessity of processing in order to perform the agreement constitutes the legal grounds for processing (Article 6 section 1 letter b) of GDPR),
- for analytical and statistical purposes – the Administrator’s substantiated interest, consisting in the performance of analyses of the Users’ activity and their preferences, for the purpose of correction of functionalities applied and services rendered, shall constitute the legal basis for processing (Article 6 section 1 letter f) of GDPR);
- for the purpose of possible determination, seeking or defending claims – the Administrator’s substantiated interest, consisting in defending its rights, shall constitute the legal basis for processing (Article 6 section 1 letter f);
- for the Administrator’s and other entities’ marketing purposes, in particular in connection with the presentation of the behavioural advertisement – the principles of personal data processing for marketing purposes are described in the MARKETING
The User’s activity at the Website, including their personal data, shall be registered in system logs (a special computer programme used for storing chronological records, containing information on events and actions relating to the IT system used for rendering services by the Administrator). Information gathered in logs shall be processed mainly for purposes connected with rendering services. The Administrator also processes the data for technical, administrative purposes, for purposes of ensuring the security of the IT system and the IT system management, as well as for analytical and statistical purposes – the Administrator’s substantiated interest shall constitute the legal basis for processing in this respect (Article 6, section 1, letter f) of GDPR).
The Administrator shall ensure the possibility of contacting the Administrator with the use of electronic contact forms. The use of the form shall require providing personal data necessary to contact the User and to provide the response to the inquiry. The User may also provide other data in order to facilitate contact or handle the inquiry. The provision of data marked as obligatory shall be required to accept and handle the inquiry and the failure to provide thereof shall result in the lack of possibility of handling the inquiry. Provision of the remaining data is voluntary.
Personal data are processed:
- in order to identify the sender and handle the inquiry sent via the form – the necessity to process in order to perform the services agreement shall constitute the legal grounds for processing (Article 6, section 1, letter b) of GDPR);
- for analytical and statistical purposes – the substantiated interest of the Administrator, consisting in keeping the statistics of inquiries submitted by Users via the Website, in order to improve the functionalities thereof, shall constitute the legal basis for processing (Article 6 section 1 letter f) of GDPR);
The Administrator shall process the Users’ personal data for the purpose of implementing marketing actions which may consist in:
- sending e-mail notifications on interesting offers or contents, which in some cases contain commercial information (newsletter service),
The Administrator renders the newsletter service to persons who provided their e-mail address for that purpose. Provision of data shall be required for the purpose of rendering the newsletter service and the failure to provide thereof shall result in the lack of possibility of sending thereof.
Personal data shall be processed:
- for the purpose of rendering the newsletter sending service – the necessity of processing to perform the agreement shall constitute the legal grounds for processing (Article 6, section 1, letter b) of GDPR);
- in case of sending marketing contents within the framework of the newsletter to the User – the Administrator’s substantiated interest shall constitute the legal basis for processing, including profiling (Article 6, section 1, letter f) of GDPR), in connection with the consent expressed for receiving the newsletter;
- for analytical and statistical purposes – the Administrator’s substantiated interest, consisting in performance of analyses of the Users’ activity at the Website, for the purpose of improvement of functionalities applied, shall constitute the legal basis for processing (Article 6 section 1 letter f) of GDPR);
- for the purpose of possible determination, seeking or defending claims – the Administrator’s substantiated interest shall constitute the legal basis for processing (Article 6 section 1 letter f);
The Administrator shall process personal data of Users visiting the Administrator’s profiles run in social media (Facebook, LinkedIn, Twitter). The data shall be processed only in connection with keeping the profile, including for the purpose of informing the Users about the Administrator’s activity and promoting events, services and products of various kinds. The Administrator’s substantiated interest consisting in the promotion of its own brand shall constitute the legal basis for personal data processing by the Administrator (Article 6, section 1, letter f) of GDPR).
COOKIE FILES AND SIMILAR TECHNOLOGY
Cookie files are small text files, installed at the device of the User viewing the Website. Cookies usually contain the name of the website domain which they come from, the time of storage thereof at the user’s device and the unique number. In this Policy information pertaining to cookies applies also to similar technologies used within the framework of the Website.
The Administrator shall use the so-called service cookies mainly for the purpose of providing the User with services rendered in an electronic manner and for the purpose of the services’ quality improvement. Therefore, the Administrator and other entities rendering analytical and statistical services thereto use cookie files, storing the information or obtaining the access to information already stored in the User’s telecommunications device (computer, telephone, tablet etc.). Cookies used for that purpose comprise:
- cookies with the data introduced by the User (session identifier) for the session duration (user input cookies);
- authentication cookies used for services which require authentication for the duration of the session;
- cookies used for assuring security e.g. used for detecting abuse as regards authentication (user centric security cookies);
- multimedia player session cookies (e.g. flash player cookies) for the duration of the session;
- user interface customization cookies, for the duration of the session or slightly longer,
- cookies used for monitoring of traffic at the website i.e. data analytics, including:
– Google Analytics cookies (i.e. cookies used by the Google company – i.e. the entity which the Administrator entrusted with personal data processing – for the purpose of performing the analysis of the manner of using the Website by the User, including preparation of statistics and reports concerning the Website functioning).
PERSONAL DATA PROCESSING PERIOD
The period of data processing by the Administrator depends on the kind of the service rendered and the objective of processing. In principle, data are processed within the time of the service provision or order implementation by the time of withdrawal of the consent expressed or raising an effective objection against data processing in cases when the Administrator’s substantiated interest constitutes the legal basis for data processing.
Data processing period may be extended in case if processing is necessary to determine, seek or defend against possible claims and after that period only in case and in the scope in which this is required under legal regulations. Upon the lapse of the processing period, data are irrevocably removed or anonymized.
The User shall have the right of access to data contents and to request the correction, removal, limitation of processing thereof, the right of transfer the data and the right of raising an objection against data processing as well as the right of filing a complaint to the supervision authority competent for personal data protection.
To the extent to which the User’s data are processed under the consent, the consent may be withdrawn at any moment, by means of contacting the Administrator.
Right of objection
At any moment the User shall have the right to raise an objection against processing of their data for direct marketing purposes, including profiling, if the processing takes place in connection with the Administrator’s substantiated interest.
The User shall also have the right, at any moment, to raise an objection against the processing of their data for reasons related to their special situation in cases when the Administrator’s substantiated interest constitutes the legal basis for processing (e.g. in connection with implementation of analytical and statistical objectives, including profiling).
More information on rights resulting from GDPR may be found in personal data processing policy constituting an appendix to this Policy and available also at the address https://yieldbird.com/privacy-transparency/ .
In connection with performance of services, personal data shall be disclosed to external entities, including in particular to suppliers responsible for handling IT systems used for rendering services and to entities related to the Administrator, including the companies from its group,
In case of obtaining the User’s consent, their data may be rendered available also to other entities for their own purposes, including marketing purposes.
The Administrator reserves the right to disclose the information concerning the User to competent authorities or third parties which raise a request for providing such information, based on relevant legal grounds and in accordance with applicable legal regulations.
TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
The level of personal data protection outside the European Economic Area (EEA) differs from the one ensured by the European law. For the aforementioned reason, the Administrator shall transfer personal data outside the EEA only when this is necessary and assuring a relevant level of protection, in particular by means of:
- cooperation with personal data processing entities in countries with respect to which a relevant decision of the European Commission was issued;
- the application of standard contractual clauses issued by the European Commission;
- the application of binding corporate rules approved by a competent supervision body;
- in case of the transfer of data to the USA – cooperation with participants of the Privacy Shield programme approved under the decision of the European Commission.
The Administrator always informs about the intention of transferring personal data outside the EEA at the stage of collection thereof.
PERSONAL DATA SECURITY
The Administrator carries out, on regular basis, the risk analysis for the purpose of ensuring that the personal data are processed by the Administrator in a secure manner which assures, above all, that only authorized persons have access to the data and only in the scope in which it is necessary due to the tasks performed by them. The Administrator cares for all the operations with the use of personal data to be registered and made only by authorized employees and colleagues.
The Administrator takes up any necessary measures for its subcontractors and other cooperating entities to provide the guarantee of application of relevant security measures in each case of processing personal data at the Administrator’s order.
Contact with the Administrator is possible via the e-mail address: email@example.com or via mail to the address: “YIELDBIRD” spółka z ograniczoną odpowiedzialnością with its seat in Warsaw, ul. Czerska 8/10.
The data Administrator appointed the Personal Data Inspector which may be contacted via e-mail address: firstname.lastname@example.org with respect to any matter concerning personal data protection.
The Policy is verified on regular basis and updated if necessary. The current version of the Policy was adopted on and it applies from 23 May 2018.