1. Data of Personal Data Administrator
    We would like to inform you that the administrator of your personal data is the company Greenlogic Sp. z o.o. [Pty Ltd.] with its registered office in Wrocław (Post Code 50-075) at Unit 13, 203 Krupnicza Street, entered into the National Court Register – kept by the District Court for Wrocław-Fabryczna VI Commercial Division under KRS No. [National Court Register No.] 0000602965, NIP No. [ABN] PL8943073554, REGON No. [Statistical ID No.] 363758260, hereinafter referred to as the “Company”. In all matters regarding the protection of personal data, you can contact the designated Data Protection Officer at [email protected],
  2. Goals and legal basis of personal data processing
    In order to provide services in accordance with the activity profile, the Company processes your personal data for various purposes, but always in accordance with the law. Below you will find specific purposes for the processing of personal data together with the legal basis.  Personal data is processed in order to:

    1. quotation of the service and the execution of the service – the legal basis for such data processing is article 6 (1) (b) GDPR, which allows personal data to be processed if it is necessary to perform the contract or take steps to conclude the contract; if you decide to also give your name, we acknowledge that you have consented to the processing of your name too – then the legal basis for such processing is article 6 (1) (a) GDPR, which allows personal data to be processed on the basis of a voluntary consent;
    2. sending marketing offers via electronic communication about offers, promotions and news regarding our products – The legal basis for such data processing is article 6 (1) (a) GDPR, which allows personal data to be processed on the basis of a voluntary consent;
    3. sending e-mail notifications about messages in the client’s panel we process such personal data – the legal basis for such data processing is article 6 (1) (f) GDPR, which allows personal data to be processed, if, in this way, the Personal Data Administrator performs its legitimate interest (in this case, the interest of the Company is to inform the client about activities related to the service to increase the comfort of using the website);
    4. telephone contact in matters related to the execution of the service – The legal basis for such processing is article 6 (1) (a) GDPR, which allows personal data to be processed on the basis of a voluntary consent;
    5. issuing invoices and fulfilling other obligations resulting from tax law, such as storing accounting records for 5 years – the legal basis for such data processing is article 6 (1) (c) GDPR, which allows personal data to be processed, if such processing is necessary to fulfil the obligations arising from the law by the Personal Data Administrator;
    6. creating registers and records related to GDPR, including for example the register of clients who raised an objection in line with GDPR – the legal basis for such data processing is, first of all, article 6 (1) (c) GDPR, which allows personal data to be processed, if such processing is necessary to fulfil the obligations arising from the law by the Personal Data Administrator; secondly, article 6 (1) (f) GDPR, which allows personal data to be processed, if, in this way, the Personal Data Administrator performs its legitimate interest (in this case, the interest of the Company is to have knowledge about people who exercise their rights under GDPR);
    7. establishing, investigating or defending against claims – The legal basis for such data processing is article 6 (1) (f) GDPR, which allows personal data to be processed, if in this way the Personal Data Administrator performs its legitimate interest (in this case, the interest of the Company is to have personal data that can identify, assert or defend against claims, including customers and third party);
    8. archival and evidential – for the needs of information security, which may serve to demonstrate facts of legal significance. The legal basis for such data processing is article 6 (1) (f) GDPR, which allows personal data to be processed, if this way the Personal Data Administrator performs its legitimate interest (in this case, the interest of the Company is to have personal data that will prove certain facts related to the provision of services, e.g. he requests it);
    9. using cookies on the website we process such text information (cookies will be described in a separate section). The legal basis for such processing is article 6 (1) (a) GDPR, which allows personal data to be processed on the basis of a voluntary consent (the first time you access a website, you will be asked for permission to use cookies);
    10. website administration – these data are automatically saved in the so-called server logs, each time a website belonging to the Company is used. It would not be possible to administer the website without using the server and without this automatic saving. The legal basis for such data processing is article 6 (1) (f) GDPR, which allows personal data to be processed, if, in this way, the Personal Data Administrator performs its legitimate interest (in this case, the Company’s interest is to administer the website);
  3. The right to withdraw consent
    1. If the processing of personal data takes place on the basis of consent, you can withdraw your consent at any time – at its sole discretion.
    2. If you would like to withdraw your consent to the processing of personal data, it is sufficient to:
    3. If the processing of your personal data took place on the basis of consent, its withdrawal does not mean that the processing of personal data up to this point was illegal. In other words, until the withdrawal of consent, we have the right to process your personal data and its cancellation does not affect the legality of the current processing.
  4. The requirement to provide personal data 
    Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal information is necessary to meet your expectations for the use of services.
  5. Automated decision making and profiling
    We kindly inform you that we do not make automated decision-making, including on the basis of profiling. The content of the inquiry that is sent is not subject to automated evaluation by the IT system.
  6. Recipients of personal data 
    1. In our activity, we use the help of other entities, which often involves the necessity to provide personal data. Therefore, if necessary, we provide your personal data to service providers cooperating with us, lawyers, quick payment companies, accounting firm, hosting company and others similar.
    2. In addition, it may happen that, for example, on the basis of the appropriate law or decision of the competent authority, we will be required to pass your personal data to other entities, whether public or private. On our part, we ensure that every case of the request to provide personal data is analyzed very carefully and very acutely, in order to inadvertently not disclose information to an unauthorized person.
  7. Transfer of personal data to third countries
    Like most entrepreneurs, we use various popular services and technologies offered by such entities as Facebook, Twitter, Microsoft, Google. These companies are based outside the European Union and Australia and are therefore treated as third countries in the light of GDPR regulations.

    1. GDPR introduces certain limitations in the transfer of personal data to third countries, because, as it does not apply, as a rule, European regulations, the protection of personal data of European Union citizens may, unfortunately, be insufficient. Therefore, each personal data administrator is required to establish the legal basis for such transmission.
    2. We assure you that when using services and technologies, we only transfer personal data to entities from the United States and only those who have joined the Privacy Shield, based on the European Commission’s decision of July 12, 2016 – more on this subject read the European Commission website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl. Entities that have joined the Privacy Shield guarantee that they will comply with the high standards of personal data protection that are in force in the European Union, that is why using their services and technologies offered in the processing of personal data is legal.
    3. At any time, we will give you additional explanations regarding the transfer of personal data, in particular when this issue raises your concern.
    4. You have the right to obtain a copy of your personal data transferred to a third country at any time.
  8. The period of personal data processing
    1. In accordance with applicable law, we do not process your personal information “indefinitely”, but for the time that is needed to achieve the goal. After this period, your personal data will be irretrievably deleted or destroyed.
    2. In a situation where we do not need to perform other operations on your personal data than to store them (eg when we store the content of the order for the purposes of defending against claims), until they are permanently removed or destroyed, we additionally secure them – through pseudonymisation. Pseudonymisation consists of such encryption of personal data or a personal data set that it is impossible to read them without an additional key, and thus such information becomes completely useless to an unauthorized person.
    3. Regarding individual periods of personal data processing, we kindly inform you that we process personal data for the period of:
      • the duration of the contract – in relation to personal data processed in order to conclude and perform the contract;
      • 3 years or 10 years + 1 year – in relation to personal data processed in order to establish, assert or defend claims (the length of the period depends on whether both parties are entrepreneurs or not);
      • 12 months – in relation to personal data that were collected when valuing the service, and at the same time the contract was not concluded immediately;
      • 5 years – in relation to personal data related to the fulfilment of obligations under tax law;
      • until the consent is withdrawn or the purpose of processing has been withdrawn, but not for more than five years – in relation to personal data processed on the basis of consent;
      • until the moment of filing an objection or achieving the purpose of the processing, but not for more than 5 years – in relation to personal data processed on the basis of the legitimate interests of the Personal Data Administrator or for marketing purposes;
      • until the time of obsolescence or loss of usefulness, however, but not longer than for three years – in relation to personal data processed mainly for analytical purposes, the use of cookies and the administration of the website.
    4. We count the periods in years from the end of the year in which we started processing personal data to improve the process of removing or destroying personal data. The separate calculation of the deadline for each concluded contract would entail significant organizational and technical difficulties, as well as a significant financial outlay, therefore establishing one date of removing or destroying personal data allows us to manage this process more efficiently. Of course, if you use the right to be forgotten, such situations are considered individually.
    5. The additional year associated with the processing of personal data collected for the performance of the contract is dictated by the fact that you can hypothetically claim a moment before the expiry of the limitation period, the request may be delivered with a significant delay or you may incorrectly determine the limitation period of your claim.
  9. Data subjects’ rights 
    1. We kindly inform you that you have the right to:
      • access to your personal data;
      • correcting personal data;
      • deletion of personal data;
      • restrictions on the processing of personal data;
      • opposition to the processing of personal data;
      • transfer of personal data.
    2. We respect your rights under the provisions on the protection of personal data and we strive to facilitate their implementation to the highest possible extent.
    3. We indicate that these rights are not absolute and therefore we may legally refuse you to comply with the law in certain situations. However, if we refuse to accept the request, then only after careful consideration and only if the refusal to take into account the request is necessary.
    4. Regarding the right to object, we explain that you have the right to oppose the processing of personal data at any time based on the legitimate interest of the Data Administrator in relation to your particular situation. However, you must remember that in accordance with the law, we may refuse to take into account the objection, if we demonstrate that:
      • there are legitimate grounds for processing that override your interests, rights and freedoms or
      • there are grounds for establishing, investigating or defending claims.
    5. In addition, you may object to the processing of your personal data for marketing purposes at any time. In this situation, after receiving the objection, we will stop processing for this purpose.
    6. You can exercise your rights by:
  10. “Cookies”
    1. The Website of the Service Provider uses “cookies”. The lack of changes in the browser settings on the part of the Client is tantamount to consent to their use.
    2. The installation of “cookies” is necessary for the proper execution of services on the website. The “cookies” files contain information necessary for the proper functioning of the website, in particular, those requiring authorization.
    3. The website uses types:
      • session cookies
      • permanent cookies
      • third-party cookies
      1. “Session” cookies are temporary files that are stored in the Customer’s end device until they log out (leave the website).
      2. “Permanent” cookies are stored in the Service User’s terminal device for the time specified in the “cookie” file parameters or until they are deleted by the User.
      3. “Third-party” cookies allow a better understanding of how the Customer interacts with the content of the website, and better organize his layout. “Third-party” cookies collect information about the manner of using the website by the Customers, the type of website from which the Recipient was redirected, and the number of visits and time of the Customer’s visit to the website. This information does not record specific Customer’s personal data, but it is used to develop statistics on the use of the website.
    4. The user has the right to decide on the access of cookies to his computer by selecting them in the window of his browser. Detailed information about the possibilities and ways of handling cookies are available in the software (web browser) settings.
  11. The right to lodge a complaint
    If you believe that your personal data is being processed contrary to the law in force, you can complain to the Inspector General for the Protection of Personal Data in Poland.
  12. Final provisions 
    1. To the extent not covered by this Privacy Policy, there are provisions regarding the protection of personal data.
    2. Any changes you make to this Privacy Policy will be notified via e-mail. This Privacy Policy applies from May 25, 2018.