PRIVACY POLICY FOR PAVE USERS
Request a study
1. INTRODUCTION
This Privacy Policy (further: the “Policy” or the “Privacy Policy”) defines the rules of processing and protecting the personal data provided by users in connection with their use of the semi-automated PAVE platform.
2. DEFINITIONS
The following terms used in the Policy will have the following meaning:
a. Data Controller – Spacecamp spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw, ul. Ząbkowska 31, 03-736 Warsaw, entered in the business register of the Polish Court Register kept by the District Court for the city of Warsaw in Warsaw, XIV Economic Division of the Polish Court Register under number KRS 0000691123, holding statistical number REGON 368084457 and tax identification number NIP 701071087, hereinafter also referred to as the “Company”.
b. Account – a scope of rights defined on PAVE website and assigned to a Client to allow the Client’s authorised users to use the services provided by the Data Controller through the website. The authorised user uses the Account through an individual username and password.
c. Website – the PAVE.GLOBAL website.
d. User – a natural person using the Site. Using the site shall mean the use of the Account by registered users and use of the Site without registering or logging in.
Processing of personal data is required for the Company to achieve its business objectives. When processing such data, the Company undertakes to comply with the relevant provisions, in particular those of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), further the “GDPR”.
To the extent that the data processed is the personal data of a (potential) Client’s employees, co-workers, representatives and other persons involved in the performance of the contract concluded by the Company with the Client, these persons will be referred to as the “Users”. The following data may be processed:
- first name, last name, position within the Client’s organizational structure, phone number, business e-mail address, individual user name.
3. PROCESSING OF PERSONAL DATA OF USERS
Your personal data may be processed for the following purposes:
- To conclude and perform a contract (article 6(1)(b) of the GDPR)
a) to manage the business relationship with the Client – the Company will process your personal data to perform the contract, including the provision of services to the Client. We will use this personal data for one or more of the following actions:
to contact you to discuss the Client’s requirements and questions, using e-mail, phone or Teams.
• to contact you to discuss the Client’s requirements and questions, using e-mail, phone or Teams.
• to send you the requested detailed information on our products and services.
• to provide you with a formal quotation for our services, including prices, delivery dates, invoices, and activation links.
• to fulfil our contractual obligations to the Client, e.g. executing a purchase order we have received from the Client. - For contact purposes (article 6(1)(f) of the GDPR)
a) to ensure the possibility of direct communication with the Client’s employees/representatives – various possible methods of contact can be used (e.g. by e-mail, phone or via the website). In such case, your personal data will be used to respond to your question or request. You can also be contacted in connection with important contractual issues. The processing is based on our legitimate interest; - For marketing purposes (article 6(1)(a) of the GDPR or article 6(1)(f) of the GDPR).
a) to send marketing materials – with your consent or where we have a legitimate interest, we can send you marketing information to keep you informed about events, special offers, opportunities and the Company’s current and future products and services. When we contact you about marketing communications, we will contact you by e-mail or through newsletters, brochures or magazines (mailings). If you no longer wish to receive surveys or marketing information from us, please contact us as specified in clause 12 below. - To pursue the Company’s business purposes (article 6(1)(f) of the GDPR)
a) to protect the Company’s assets and interests – to the extent necessary to pursue our legitimate interests, we will process your personal data as appropriate or necessary (a) to enforce our obligations; (b) to protect our interests; (c) to protect our rights, privacy, security or property or the rights, privacy, security or property of you or others; (d) to enable us to enforce the legal remedies available to us or limit the damage we may incur; and (e) to determine, pursue or defend against any claims that may arise. - To comply with legal obligations (article 6(1)(c) of the GDPR)
a) If the processing is necessary to fulfil a legal obligation incumbent on the Company, we will process personal data in order to meet such legal obligations arising, in particular, from tax and accounting law, as well as from anti-money laundering and terrorist financing regulations.
4. PROCESSING OF USERS’ PERSONAL DATA; COOKIE POLICY
Personal data of the Users may be processed to the extent necessary for the purposes of our legitimate interests, in particular, to ensure the possibility of the operation and proper functioning of the Website, collect general statistical information, examine the functional aspects of the Website and ensure the possibility of its operation and proper functioning under article 6(1)(f) of the GDPR.
The Website uses cookies (i.e. small text files sent to the user’s device that identify it to the extent necessary to simplify or cancel a given operation) in order to collect information related to the use of the Website by the User.
Cookies help, in particular, to maintain the User’s session, adjust the operation of the Website to the User’s preferences, adjust the Website to the User’s needs and create the Website viewing statistics. The following types of cookies are used on the Website:
a) necessary cookies that help to improve services and the user experience on the Website and are used in particular to configure the Website;
b) analytical cookies that collect information on how Users use the Website. This type of cookie does not collect personally identifiable information but may collect the IP address of the User’s device. The information collected through cookies is used to improve the Website, adjust the Website operations to the User preferences and create the Website usage statistics.
The following types of cookies can be distinguished in terms of how long they are stored in the browser:
a) session cookies that are stored in the User’s device and remain there until the end of a given browser session. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not allow to download any personal data or any confidential information from the User’s device;
b) persistent cookies that are stored in the User’s device for the time specified in the parameters of cookie files or until deleted by the User. Ending the session of a given browser or switching off the device does not cause the cookies to be removed from the User’s device. The mechanism of persistent cookies does not allow to download any personal data or any confidential information from the User’s device.
The following types of cookie files can be distinguished according to their origin:
a) first-party cookies that are placed by the Website’s web servers. The Website only uses the first-party cookies;
b) third-party cookies that are placed by web servers of websites other than the Website.
Below you will find detailed information on the cookies used on the Website:
| Cookie name | Cookie purpose | Cookie type | Expiration period | Origin |
|---|---|---|---|---|
| _ga | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. | Analytical | Persistent cookie (2 years) | First-party cookie |
| _ga_* | Google Analytics sets this cookie to store and count page views. | Analytical | ||
| _GRECAPTCHA | Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks. | Necessary | ||
| cookieyes-consent | CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors. | Necessary | ||
| wordpress_test_cookie | WordPress sets this cookie to determine whether cookies are enabled on the users’ browsers. | Necessary | ||
| _lscache_vary | Litespeed sets this cookie to provide the prevention of cached pages. | Functional |
Third party cookies are not controlled by the Company, which receives only limited information from their main provider. Therefore, when agreeing to them, please refer to the cookie policy of the respective supplier for further information.
If you use the Website without the cookie settings that block the automatic handling of cookies being changed, this means that you accept the use of cookies on the terms described in this Policy as the default settings of your browser are treated as your informed consent to the cookies being installed.
If the Website does not include a dedicated tool for managing cookies in order to express or withdraw consent, the User may at any time change the cookie settings, specifically, to the extent that the automatic handling of cookies be blocked in the settings of the Internet browser or that information be provided whenever a cookie is placed in the User’s device; blocking of cookies can, however, impair the functioning of the Website. Detailed information about whether and how the cookie settings can be changed in the most popular Internet browsers can be obtained at the addresses:
a) Google Chrome https://support.google.com/chrome/answer/95647?hl=pl;
b) Firefox https://support.mozilla.org/pl/kb/ciasteczka?esab=a&s=ciasteczka&r=0&as=s;
c) Internet Explorer https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies;
d) Opera http://help.opera.com/Windows/12.10/pl/cookies.html;
e) Safari https://support.apple.com/pl-pl/guide/safari/sfri11471/mac.
Please be informed that when the User connects to the Website, information about the number (including the IP), type of the user’s end device from which the User connects to the Website, how long the User has been connected to the Website and other information about the User’s activity on the Website appears in the Website system logs.
5. HOW LONG DOES THE COMPANY STORE PERSONAL DATA?
Personal data of the Users:
a) personal data of the Users will be processed during the term of the contract concluded by the Company with the Client, and subsequently, for the period of limitation of possible claims set under the generally applicable law;
b) if the processing is necessary to meet the Company’s legal obligation, the personal data of the Users will be processed for the period of time stipulated under the generally applicable law, specifically, the tax law and accounting regulations;
c) if the processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party, the personal data of the Users will be processed for a period no longer than it is necessary for the purposes for which the data is processed or until an objection to the processing of personal data is made;
d) if personal data is processed on the basis of the consent, the personal data will be processed until the consent to the processing of personal data has been withdrawn.
The Users’ personal data is stored until the cookie expires on your computer.
6. WHO HAS ACCESS TO PERSONAL DATA?
The Company is part of the Brand New Galaxy capital group (the “Group”). Your personal data will also be processed by other Group companies for the purposes set out below, provided that the Company or the recipient of the data, being a Group company, is able to demonstrate its legitimate interest in or has your consent to such processing. The following Group entities have entered into personal data joint controllership agreement in order to better safeguard the interests of data subjects:
- BNG Business Services spółka z ograniczoną odpowiedzialnością (KRS number: 0000268922)
- Berbenno spółka z ograniczoną odpowiedzialnością (KRS number: 0000957701)
- Pathfinder23 spółka z ograniczoną odpowiedzialnością (KRS number: 0000689667)
- Assembly Poland spółka z ograniczoną odpowiedzialnością (KRS number: 0000757093)
- Spacecamp spółka z ograniczoną odpowiedzialnością (KRS number: 0000691123)
If you have any questions about the joint controllership, please contact us (section 12 of this policy).
The Users’ and Users’ personal data can be transferred:
a) to other Brand New Galaxy group companies to the extent necessary to pursue the legitimate interests pursued by the Company and by these companies, specifically, for internal administrative purposes;
b) to our external service providers, only when and to the extent necessary to facilitate the provision of their services to us, including but not limited to IT service providers, accounting companies and other entities providing ongoing technical, organisational and business support to the Company, where such entities process data under a data processing agreement and solely upon the controller’s instructions;
c) in connection with a sale or business transaction – we have a legitimate interest in the disclosure or transfer of your personal data to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or any part of our business, assets or shares (also in connection with bankruptcy or similar proceedings). Such third parties may be, for example, the acquiring company and its advisers.
7. RIGHTS OF DATA SUBJECTS
All persons whose data are processed by the Company are vested with the rights set out in the GDPR.
Consequently, you have the following rights:
a) the right to access data and obtain a copy;
b) the right to rectification;
c) the right to erasure;
d) the right to restriction of processing;
e) the right to object – with regard to processing of personal data for the purposes of the Company’s legitimate interests and for direct marketing purposes;
f) the right to data portability – with regard to processing of personal data on the basis of the consent or contract and in an automated manner;
g) the right to lodge a complaint with the supervisory authority.
8. RIGHT TO WITHDRAW CONSENT
In certain cases, we may ask for your consent to process your data (e.g. for marketing purposes). If you have given us your consent to the processing of your personal data, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the data processing that had been carried out based on your consent before it was withdrawn. You can withdraw your consent by contacting us at ochronadanych@brandnewgalaxy.com.
9. IS IT MANDATORY TO PROVIDE PERSONAL DATA?
In the case of the Users, the personal data is provided to us voluntarily, but it may also be a condition for the contract to be performed.
When we collect your data on the basis of your consent, providing personal data is voluntary.
10. AUTOMATED DECISION MAKING
The personal data you provide will not be used to make automated decisions about you.
11. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
If it is necessary in a given situation, personal data may be transferred outside the European Economic Area in one of the situations:
a) in relations to personal data of the Users:
- personal data may be transferred to one of the third countries for which the European Commission has issued a decision confirming an adequate level of protection of personal data in that country pursuant to art. 45(3) GDPR, if it is necessary to achieve the purposes of data processing. The basis for the transfer of personal data is art. 45(1) GDPR. Personal data may be transferred in this way to Argentina, Canada, Japan, New Zealand, Switzerland or the United States of America;
- personal data may also be transferred to a third country for which the European Commission has not issued a decision confirming an adequate level of personal data protection pursuant to art. 45(3) GDPR, if it is necessary to perform the contract. The basis for the transfer of personal data is art. 49(1)(d) GDPR.
Whenever personal data is transferred to a third country, it is ensured that data subjects are informed of the intended transfer.
12. HOW IS YOUR PERSONAL DATA SECURED?
In our opinion, and based on our risk assessment, we have taken appropriate steps to ensure the security of your personal data. We have considered the risk of the data being accidentally or unlawfully destroyed or accidentally lost, damaged, altered, being made available or accessed without authorisation or otherwise unlawfully processed (including, but not limited to, unnecessary collection of data) or further processed.
13. HOW TO CONTACT US
We have appointed the Data Protection Officer whom you can contact in case of questions about the protection of your personal data:
a) via e-mail at: ochronadanych@brandnewgalaxy.com;
b) in writing, at the Company’s registered office address:
Spacecamp spółka z ograniczoną odpowiedzialnością, ul. Ząbkowska 31, 03-736 Warsaw.
14. SOURCE OF PERSONAL DATA
Personal data of the Users was obtained by the Company as a result of (a) the Client having indicated the User as a person authorised to represent the Client or as a contact person in the contract concluded between the Company and the Client; (b) the personal data of the User having been otherwise forwarded during the term of the contract concluded between the Company and the Client.