Infracht Sp. z o.o. in Kraków ("Policy")
- "Personal data" means any information relating to an identified or identifiable natural person ("data subject").
- Personal data Controller is the entity which alone or jointly with others determines the purposes and means of the processing of personal data.
- Your personal data Controller in connection with the provision of services through Infracht Platform is:
Infracht Sp. z o.o. in Kraków ul. Siewna 18, 31-231 Kraków
entered into the register of entrepreneurs kept by
District Court for Kraków- Śródmieście in Kraków
11th Economic Division of the National Court Register
KRS 0000651823 Tax ID 6972329044 REGON 366066219
- In all issues relating to this Policy, you can contact the Controller at the address given above or by email at: email@example.com.
- This document refers to services rendered by the Administrator on Infracht Platform in www.infracht.com, www.infracht.pl, and www.infracht.eu domains (General Exchange service and "Trusted Partners" Private Exchange service).
Grounds, purposes and periods of processing
- The data Controller hereby agrees to protect your personal data according to the Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter "GDPR" and other provisions of common law.
- Your personal data provided to us as part of the contract for the provision of services through the Platform and during the contract term are processed by Infracht for the following purposes:
- necessity to fulfil our legal obligations (art. 6 paragraph 1.c of GDPR) – consisting in the fulfilment of tax obligations (issuance and settlement of invoices and other accounting documents),
- necessity to fulfil our legal obligations (art. 6 paragraph 1.c of GDPR) consisting in the fulfilment of obligations related to the exercise of rights specified in GDPR (in the scope necessary for identification and verification of the identity of a requesting person and giving a response)
- fulfilment of our legitimate interest (art. 6 paragraph 1.f of GDPR), in the form of:
- direct marketing of our products or services during the contract term, provided that in the case of email marketing or telephone marketing an additional consent for the source of marketing message shall be received,
- ensuring the safety of services provided,
- carrying out the statistical analysis, with the results designated for the needs of improving the quality of services provided by the data Controller,
- opening accounts for the User's employees as part of the implementation of the contract concluded with the User – regarding the data of their employees who are not the party to the contract with Infracht, necessary to create sub-accounts on the Platform (name, surname, email address and phone number).
- Personal data mentioned in paragraph 2 above are processed in the following periods:
- data processed for the purpose of concluding and implementing the contract – throughout the contract term, and subsequently until the expiration of mutual claims (solely for determining, redress or defence against claims);
- data processed for the purpose of fulfilling the tax obligations – throughout the period specified in the tax law, as a rule 5 years following the end of the calendar year of invoice issuance;
- data processed with the purpose of performing obligations related to the exercise of rights specified in GDPR – throughout the period allowing the defence against claims (throughout the period of expiration of claims arising out of violations of privacy);
- data processed for the purposes of direct marketing of our products and services – until an objection is filed (or until the consent is withdrawn for electronic or phone marketing, and after filing an objection/withdrawal of the consent solely for the purpose of defence against claims (for the period of expiration of claims arising out of violations of privacy));
- data processed with the purpose of determining, redress or defence against claims – for the period of expiration of claims assigned both against the Data Controller and to the Data Controller;
- data processed with the purpose of ensuring the safety of services provided – until an effective objection is filed (see below) or until the expiration of mutual claims relating e.g. to the infringement of security rules on the Platform – whichever occurs earlier;
- data processed with the purpose of carrying out the statistical analysis – until an effective objection is filed or until the expiration of mutual claims relating e.g. to the infringement of security rules on the Platform – whichever occurs earlier;
- data processed with the purpose of opening an account for the User's employee – until the account is opened, and subsequently for the period of the provision of services on the Platform or until the expiration of claims.
- Taking into account the state of technical knowledge, the cost of implementation and the nature, scope, context and purposes of processing and the risk of infringing the rights or freedoms of natural persons of different probability and scale of threat, Infracht implements proper technical and organizational measures in order to ensure the security level relevant to the risk, including, where appropriate, e.g.:
- pseudonymization and encryption of personal data;
- capacity to continuously ensure the confidentiality, integrity, availability and resilience of processing systems and services;
- capacity to quickly restore the availability and access to personal data in case of a physical or technical incident;
- regular testing, measuring and assessing the effectiveness of technical and organizational measures aimed at ensuring the security of processing.
- Especially, in order to ensure safety, Infracht:
- uses SSL encryption – by accessing the account only by entering the correct login and password; it is recommended to set complicated, varied passwords consisting of more characters (small and capital letters, digits), and to keep the data solely for the User,
- verifies the methods of collecting, storing and processing data, including physical safety measures, in order to protect the system against unauthorized access,
- grants relevant authority to employees having insight into personal data,
- obliges employees to keep the data and the security means in secret,
- concludes processing contracts with personal data processors performing the processing as ordered by Infracht and obliges processors e.g. to secure the data.
Transfer of data
- Your personal data may be transferred to other entities (recipients and other third parties), so that Infracht can fulfil the objectives of processing your data related to the services provided to you and mentioned above (Grounds, purposes and periods of processing) solely in the scope necessary for the fulfilment of the objectives.
- The data may be transferred to entities such as companies offering accounting and HR services, cloud storage services, call centre, payment verification or mailing services, subject to requirements resulting from the provisions of law on the basics of data transferring, especially in the form of entering into a relevant personal data processing contract.
- Personal data may also be made available to courts and public administration bodies, if required by relevant law (Polish of EU).
- Your personal data may be transferred to the USA as part of our cooperation with an entity mailing the Platform Users as ordered by us (as part of the contract implementation and marketing of our products or services). Regardless of fulfilling the remaining requirements in this matter, the basis for the data transfer is the European Commission Implementing Decision of 12 July 2016 introducing the so-called Privacy Shield. The entity we cooperate with is certified subject to this decision, which means that a relevant level of data protection is ensured. For more information click here: https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32016D1250&qid=1524570388700&from=EN or contact us.
- Your personal data can be viewed by Infracht employees as well – solely in the scope necessary for the performance of tasks arising from their respective positions. They are bound by an obligation of data confidentiality.
- Unregistered Infracht Users may use the Website to a limited extent only, resulting solely in providing statistical data used by Google Analytics.
- The User may file a request with Infracht including the right to access, rectify, erase or limit the processing of the personal data and the right to object the processing, as well as to use the right to transfer the data – following the provisions of GDPR.
- The above requests can be reported to Infracht address specified in the introductory paragraph or by email to firstname.lastname@example.org. In the same way the User shall declare the willingness to delete an account.
- As a response to a request, the User may be asked to provide data necessary for the verification of their identity or provide additional information necessary for the correct processing of the request.
- If the data were processed based on a consent – the User may withdraw the personal data processing consent at any time by contacting Infracht team by email at email@example.com or at the address specified in the introductory paragraph.
- Withdrawal of a consent does not impact the lawfulness of the processing executed by the time the consent becomes withdrawn. In case of a consent withdrawal, the data Controller shall assess if grounds for data processing exist. In such a case, further processing shall be possible for the purposes of defence against claims (e.g. through demonstration that the right to withdraw a consent has been exercised) and only in the scope necessary for the purpose.
- Personal data processing can occur for a marketing purpose by email or by phone, upon the prior consent of the User expressed at the account registration, including the receiving of marketing information of products and services by email or by phone. The User can at any time withdraw their consent to receiving such information by sending a request to the system administrator to firstname.lastname@example.org.
- The User should remember that every time the personal data shall be processed based on art. 6 paragraph 1.f) of GDPR (see above), i.e. in a so-called legitimate interest of the data Controller, they can, at any time, object to processing of the personal data, on grounds relating to their particular situation. Upon the objection, the data Controller will not be able to process the personal data, unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- The User should also remember that in cases of personal data processing based on art. 6 paragraph 1. f) of GDPR (see above) for marketing purposes – marketing of Infracht's own products or services – there is no need to justify the objection with a particular situation, and upon objection the data Controller will no longer be able to process personal data based on art. 6 paragraph 1. f) of GDPR for the purpose of marketing Infracht products and services, in the scope the data were processed for this purpose.
- The objection can be reported to Infracht address specified at the beginning or by email to email@example.com.
- The personal data shall be obtained directly from you (through the account, in the transaction process). Data can be obtained from other sources solely for the purpose of providing a service.
- We also inform of the possibility of filing a complaint to a supervisory authority (competent authority of personal data protection).
- Infracht uses the so-called cookies, small text files sent by Infracht through the browser and saved on a hard disk of a computer or other devices enabling the use of the website, thanks to which the Platform can remember the settings and collect information which makes it possible to adapt the services and contents to the Platform Users' preferences and needs, and also for statistical purposes using the Google Analytics tool.
- Unfortunately, without using cookies we are not able to offer you the full system functionality.
- Cookies can be used for determining the Users' identity (names, surnames, e-mail addresses, contact phone numbers etc.). A cookie file usually contains a so-called file validity period, the name of a domain it comes from and the parameter name and value.
- Cookies are not harmful for the computer or other devices and data saved on them, that is why we recommend not disable them in the browser. Thanks to this, you will be able to save your preferences, e.g. the website language, or remember the posted and accepted offers.
- Cookies are also used in developing statistics, they help to observe the way in which the Users utilize the Infracht Platform, which allows to improve its content and structure.
- Cookies maintain the Infracht Platform User's session and thanks to this it is not necessary to log in to every subsite to be able to use all functionalities.
- Infracht Platform uses the following types of cookies:
- files necessary for the correct use of the basic Platform functions, e.g. cookies used with services requiring authorization,
- cookies used to guarantee the safety of the Platform Users,
- performance files, informing of the way in which the Infracht Platform is utilized by the Users,
- functional files, allowing to keep personalized Infracht User settings, i.e. language of communications, etc.,
- "advertising" cookies, the purpose of which is to provide the Users with commercial content adapted to their needs and hobbies.
- Infracht retargets the advertisements of marketing partners in order to optimize the quality of advertisements displayed for the website users. Data transferred to such partners are entirely anonymized and serve solely the best matching of the ads.
This document is valid from May 25, 2018. The previous version of the document can be found here.