1. DEFINITIONS
1.1 Administrator - Insbuy Sp. z o.o. with its registered office in Toruń, ul. Marii Konopnickiej 11/1, 87-100 Toruń, Poland, Poland, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under KRS No.: 0000861910 , REGON No.: 387166290.
1.2 Personal data - all information about an individual identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, location data, internet identifier and information collected through cookies and other similar technology.
1.3 Policy - this Privacy Policy.
1.4 GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5 Service - website available at: www.insbuy.app
1.6 User - any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE SERVICE
2.1 In connection with the use of the Service by the User, the Administrator collects personal data to the extent necessary to provide particular services offered. Below are described detailed rules and purposes of processing personal data collected during the use of the Service by the User.
3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING IN THE SERVICE
3.1 The Service Administrator processes personal data:
3.1.1. in order to provide services by electronic means within the scope of the content collected in the Service to be made available to the Users - then the legal basis for the processing is the Administrator's legally justified interest in providing the Users with the necessary functionalities of the Service (Article 6.1.f. of the GDPR);
3.1.2. for analytical and statistical purposes - then the legal basis for the processing is the User's consent (Article 6.1.a. of the GDPR);
3.1.3. to reply to the message sent to you. The legal basis for the processing of your data is then the legitimate interest of the Controller (Article 6.1.f. GDPR) to respond to the message received.
3.1.4. in order to carry out the recruitment - then the legal basis is: Article 6(1)(c) of the GDPR, i.e. the legal obligation resulting from the provision of Article 22 (1) of the Labour Code - in the case of seeking employment on the basis of an employment contract, and Article 6(1)(b) of the GDPR, i.e. taking action at the request of the entitled entity before concluding the contract - in the case of seeking employment on the basis of a civil-law contract, and Article 6(1)(b) of the GDPR, i.e. taking action at the request of the entitled entity before concluding the contract. (a) GDPR - i.e. consent to the processing of your personal data to a broader extent than is provided for in Article 22 (1) of the Labour Code and Article 6.1.a. of the GDPR - i.e. consent to participate in future recruitment processes as well as Article 6.1.f. of the GDPR - i.e. a legitimate interest of the Administrator - in order to verify your qualifications and possibly assert or defend against your claims.
3.1.5. in order to establish and maintain business cooperation - then the basis for the Administrator's processing of your personal data is Article 6.1.f. of the GDPR, i.e. the Administrator's legitimate interest in conducting business cooperation.
3.1.3. in order to possibly establish and pursue claims or defend against them, the legal basis for the processing is the legitimate interest of the Administrator (Article 6.1.f. of the GDPR) in protecting his rights;
3.1.4. for the marketing purposes of the Administrator and other entities, in particular those related to the presentation of behavioural advertising - the principles of personal data processing for marketing purposes are described in the "MARKETING" section.
3.2 The User's activity in the Service, including his/her personal data, is recorded in system logs (a special computer program used to store a chronological record containing information on events and actions concerning the IT system used by the Administrator to provide services). The information collected in the logs is processed primarily for the purposes related to the provision of services. The Administrator also processes it for technical and administrative purposes, for the purposes of ensuring security of the IT system and managing it, as well as for analytical, statistical and marketing purposes - in this respect, the legal basis for processing is the Administrator's legally justified interest (Article 6.1.f. of the GDPR).
4 MARKETING
4.1 The Administrator processes Users' personal data in order to carry out marketing activities, which may include
4.1.1. displaying to the User marketing content that is not adjusted to his/her preferences (contextual advertising);
4.1.2. displaying to the User marketing content corresponding to his/her interests (behavioural advertising);
4.1.3. conducting other activities related to direct marketing of goods and services (sending commercial information electronically and telemarketing activities)
4.2 In order to carry out marketing activities, the Administrator in certain cases uses profiling. This means that thanks to automatic data processing, the Administrator evaluates selected factors concerning natural persons in order to analyse their behaviour or create a forecast for the future.
CONTEXTUAL ADVERTISING
4.3 The Administrator processes the Users' personal data for marketing purposes in connection with the sending of contextual advertising to the Users (i.e. advertising which is not adjusted to the User's preferences). The processing of personal data is then carried out in connection with the fulfilment of the Administrator's legitimate interest (Article 6.1.f. of the GDPR).
BEHAVIOURAL ADVERTISING
4.4 The Administrator and his trusted partners process personal data of the Users, including personal data collected via cookies and other similar technologies, for marketing purposes in connection with directing behavioural advertising to the Users (i.e. advertising that is tailored to the User's preferences). The processing of personal data then includes profiling of Users. The use of personal data collected through this technology for marketing purposes, in particular to promote services and goods of third parties, requires the User's consent. This consent may be withdrawn at any time, which does not affect the legality of data processing until the withdrawal of consent.
DIRECT MARKETING
4.9 The User's personal data may also be used by the Administrator to direct marketing content to him/her through various channels, i.e. by e-mail, MMS / SMS or telephone. Such actions are taken by the Administrator only if the User has given his consent to them, which can be withdrawn at any time, which does not affect the legality of data processing until the withdrawal of consent.
5. SOCIAL NETWORKING SITES
5.1 The Administrator processes personal data of Users visiting the Administrator's profiles maintained in social media (Facebook, YouTube, Instagram, Twitter) and Users registering or logging in to the Application using the User profile maintained on the social network. The data is processed solely in connection with maintaining the Administrator's brand profile, including for the purpose of informing the Users about the Administrator's activities and promoting various events, services and products, and to enable the identification of the User when registering and logging in to the Application via his/her social networking account. The legal basis for the Administrator's personal data processing for this purpose is the Administrator's legitimate interest (Article 6.1.f. of the GDPR) in promoting its own brand and enabling the User to log in and register in the Application through profiles on social networking websites.
6. COOKIES AND SIMILAR TECHNOLOGY
6.1 Cookies are small text files installed on the User's device browsing the Website. Cookies collect information facilitating the use of the Website - e.g. by remembering User's visits to the Website and actions performed by them.
THE COOKIES NECESSARY TO PROVIDE THE SERVICE
6.2 The Administrator uses cookies primarily to provide the User with services provided by electronic means. Therefore, the Administrator and other entities providing IT services to him/her use cookies, storing information or gaining access to information already stored in the User's telecommunications terminal equipment (computer, telephone, tablet, etc.). Cookie files used for this purpose include:
6.2.1. user input cookies with data entered by the User (session ID) for the duration of the session;
6.2.2. authentication cookies used for services requiring session time authentication;
6.2.3. user centric security cookies;
6.3 The list of cookies necessary to provide services:
ANALYTICAL AND STATISTICAL" COOKIES
6.4. cookies used to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyse the way the User uses the Website, to create statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User or link this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.
6.5 The list of "analytical and statistical" cookies:
6.6 The Administrator and his trusted partners also use cookies for marketing purposes, e.g. in connection with directing behavioural advertising to Users. For this purpose, the Administrator and trusted partners store information or gain access to information already stored in the User's telecommunication end device (computer, telephone, tablet etc.). The use of cookies and personal data collected through them for marketing purposes, in particular to promote third party services and goods, requires the User's consent. This consent may be withdrawn at any time. Cookie files used for this purpose include:
6.6.1. multimedia player session cookies (e.g. flash player cookies), for the duration of the session;
6.6.2. persistent user interface customization cookies for the duration of the session or slightly longer,
6.7 The list of "marketing" cookies:
7. THE PERIOD OF PROCESSING OF PERSONAL DATA
7.1 The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data shall be processed for the duration of the service provision or until the withdrawal of the consent or effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Controller.
7.2 The period of processing may be extended where the processing is necessary for the establishment and assertion of possible claims or defences against them, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data shall be irreversibly erased or rendered anonymous.
7.3 The information obtained by the Administrator by means of cookies shall be stored no longer than is necessary to achieve the purposes for which the information was collected. A User may at any time withdraw his consent to the Administrator's processing of data obtained from analytical, statistical and marketing cookies, as well as remove cookies from his Internet browser. Withdrawal of consent does not affect the legality of data processing until the withdrawal of consent.
8. USER RIGHTS
8.1 The User shall have the right to: access the content of the data and demand their correction, deletion, restriction of processing, the right to transfer the data and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data.
8.2 To the extent that User's data is processed on the basis of consent, it may be withdrawn at any time by contacting the Administrator.
8.3 The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the Administrator's legitimate interest, as well as - for reasons related to the User's specific situation - in other cases where the legal basis for the processing is the Administrator's legitimate interest.
9. RECIPIENTS OF DATA
9.1 In connection with the provision of services, personal data shall be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities providing accounting services, personal data protection services, marketing agencies (in the scope of marketing services) and entities related to the Administrator, including companies from its capital group, as well as law firms, tax and audit firms.
9.2 In case of obtaining the User's consent, the Administrator may address to the User marketing content containing commercial information of the Administrator's business partners.
9.3 The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
10. TRANSMISSION OF DATA OUTSIDE THE EEA
10.1 The level of protection of personal data outside the European Economic Area (EEA) is different from that provided by European law. For this reason, the controller transfers personal data outside the EEA with an adequate level of protection, primarily through:
10.1.1. cooperation with entities processing personal data in countries in respect of which a relevant European Commission decision has been issued;
10.1.2. use of standard contractual clauses issued by the European Commission;
10.1.3. application of binding corporate rules, approved by the competent supervisory authority;
10.2 The controller shall always inform about the intention to transfer personal data outside the EEA at the stage of their collection.
11. PERSONAL DATA SECURITY
11.1 The controller shall conduct a risk analysis on an ongoing basis in order to ensure that personal data are processed in a secure manner - ensuring in particular that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
11.2 The controller shall take all necessary steps to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data upon the controller's order.
12. CONTACT DETAILS
12.1 Contact with the Administrator is possible via e-mail: dataprotection@insbuy.app or in writing to the Administrator's registered office address.
12.2 The Controller has appointed a Data Protection Officer who can be contacted by e-mail: dataprotection@insbuy.app or in writing to the address of the Controller's registered office, in any matter concerning the processing of personal data.
13. CHANGES IN PRIVACY POLICY
13.1 The policy is reviewed on an ongoing basis and updated when necessary. The current version of the Policy has been adopted and is effective since October 9, 2020.
1 DEFINITIONS
1.1 Administrator - Insbuy Sp. z o.o. with its registered office in Warsaw, ul. Senatorska 2, 00 075 Warsaw, Poland, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under KRS No.: 0000861910 , REGON NO.: 387166290.
1.2 Personal data - all information about an individual identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, location data, internet identifier and information collected through cookies and other similar technology.
1.3 Policy - this Privacy Policy.
1.4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5 Insbuy application (hereinafter also referred to as "Service") - a mobile application called Insbuy available on "Google Play" and "Apple App Store".
1.6 User - any natural person visiting the Application or using one or more services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE SERVICE
2.1 In connection with the User's use of the Application, the Administrator collects data to the extent necessary to provide particular services offered, as well as information on the User's activity in the Application. The detailed rules and purposes of processing personal data collected during the User's use of the Website are described below.
3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING IN THE SERVICE
USE OF THE SERVICE
3.1.Personal data of all persons using the Application (including IP address or other identifiers and information collected by means of cookies or other similar technologies), who are not registered Users (i.e. persons without a profile in the Application) are processed by the Administrator:
3.1.1. in order to provide services by electronic means within the scope of the content stored in the Application made available to the Users - then the legal basis for the processing is the Administrator's legally justified interest in providing the Users with the necessary functionalities of the Application (Art. 6.1.f. of the GDPR);
3.1.2. for analytical and statistical purposes - then the legal basis for the processing is the User's consent (Art. 6.1.a. of the GDPR);
3.1.3. for the marketing purposes of the Administrator and other entities, in particular those related to the presentation of behavioural advertising - the principles of personal data processing for marketing purposes are described in the "MARKETING" section.
3.1.4. in order to possibly establish and pursue claims or defend against them, the legal basis for the processing is the legitimate interest of the Administrator (Art. 6.1.f of the GDPR) in protecting his rights;
3.2 The User's activity in the Application, including his/her personal data, is recorded in system logs (a special computer program used to store a chronological record containing information on events and actions concerning the IT system used by the Administrator to provide services). The information collected in the logs is processed primarily for the purposes related to the provision of services. The Administrator also processes it for technical and administrative purposes, for the purposes of ensuring security of the IT system and managing the system, as well as for analytical, statistical and marketing purposes - in this respect, the legal basis for processing is the Administrator's legitimate interest (Art. 6.1.f of the GDPR).
REGISTRATION IN THE SERVICE
3.3 Persons who register in the Application are asked to provide the data necessary to create and operate an account or to give their consent to make such data available from social networking sites, by means of which they are allowed to log on to the Site. Such data are marked as required in the registration form . In order to facilitate the service, the User may provide additional data, thus agreeing to their processing.
Granting access to Insbuy's social network profile is also an expression of consent to its processing by Insbuy.
Such data can be deleted at any time. The provision of data marked as mandatory is required in order to set up and operate an account, and failure to provide such data results in the impossibility of setting up an account. The provision of other data is voluntary.
3.4 Personal data are processed:
3.4.1. in order to provide services related to the maintenance and operation of the account in the Service - the legal basis for the processing is the consent given by acceptance of the Terms of Use (Art. 6.1.a. of the GDPR);
3.4.2. for analytical and statistical purposes - the legal basis for the processing is the Administrator's legitimate interest (Art. 6.1.f. of the GDPR) in conducting analyses of the Users' activity in the Application and the manner of using the account, as well as their preferences in order to improve the applied functionalities, and in the scope of information collected using cookies - the User's consent (Art. 6.1.a. of the GDPR);
3.4.3. in order to possibly establish and pursue claims or defend against them, the legal basis for the processing is the legitimate interest of the Administrator (Art. 6.1.f of the GDPR) in protecting his rights.
3.4.4. for the marketing purposes of the Administrator and other entities - the principles of personal data processing for marketing purposes are described in the "MARKETING" section.
3.5 If the User includes in the Application any personal data of other persons (including their name, address, telephone number or e-mail address), they may do so only if they do not violate the provisions of the applicable law and their personal rights.
4 MARKETING
4.1 The Administrator processes Users' personal data in order to carry out marketing activities, which may include
4.1.1. displaying to the User marketing content that is not adjusted to his/her preferences (contextual advertising);
4.1.2. displaying to the User marketing content corresponding to his/her interests (behavioural advertising);
4.1.3. conducting other activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities)
4.2 In order to carry out marketing activities, the Administrator in certain cases uses profiling. This means that thanks to automatic data processing, the Administrator evaluates selected factors concerning natural persons in order to analyse their behaviour or create a forecast for the future.
CONTEXTUAL ADVERTISING
4.3 The Administrator processes the Users' personal data for marketing purposes in connection with the sending of contextual advertising to the Users (i.e. advertising which is not adjusted to the User's preferences). The processing of personal data is then carried out in connection with the fulfilment of the Administrator's legitimate interest (Art. 6.1.f of the GDPR).
BEHAVIOURAL ADVERTISING
4.4 The Administrator and his trusted partners process personal data of the Users, including personal data collected via cookies and other similar technologies, for marketing purposes in connection with directing behavioural advertising to the Users (i.e. advertising that is tailored to the User's preferences). The processing of personal data then includes profiling of Users. The use of personal data collected through this technology for marketing purposes, in particular to promote services and goods of third parties, requires the User's consent. This consent may be withdrawn at any time, which does not affect the legality of data processing until the withdrawal of consent.
DIRECT MARKETING
4.9 The User's personal data may also be used by the Administrator to direct marketing content to him/her through various channels, i.e. by e-mail, MMS / SMS or telephone. Such actions are taken by the Administrator only if the User has given his consent to them, which can be withdrawn at any time, which does not affect the legality of data processing until the withdrawal of consent.
5. SOCIAL NETWORKING SITES
5.1 The Administrator processes personal data of Users visiting the Administrator's profiles maintained in social media (Facebook, YouTube, Instagram, Twitter) and Users registering or logging in to the Application using the User profile maintained on the social network. The data is processed solely in connection with maintaining the Administrator's brand profile, including for the purpose of informing the Users about the Administrator's activities and promoting various events, services and products, and to enable the identification of the User when registering and logging in to the Application via his/her social networking account. The legal basis for the Administrator's personal data processing for this purpose is the Administrator's legitimate interest (Art. 6.1.f. of the GDPR) in promoting its own brand and enabling the User to log in and register in the Application through profiles on social networking websites.
6. COOKIES AND SIMILAR TECHNOLOGY
6.1 Cookies are small text files installed on the User's device browsing the Website. Cookies collect information facilitating the use of the Website - e.g. by remembering User's visits to the Website and actions performed by them.
THE COOKIES NECESSARY TO PROVIDE THE SERVICE
6.2 The Administrator uses cookies primarily to provide the User with services provided by electronic means. Therefore, the Administrator and other entities providing IT services to him/her use cookies, storing information or gaining access to information already stored in the User's telecommunications terminal equipment (computer, telephone, tablet, etc.). Cookie files used for this purpose include:
6.2.1. user input cookies with data entered by the User (session ID) for the duration of the session;
6.2.2. authentication cookies used for services requiring session time authentication;
6.2.3. user centric security cookies;
6.3 The list of cookies necessary to provide services:
ANALYTICAL AND STATISTICAL" COOKIES
6.4. cookies used to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyse the way the User uses the Website, to create statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User or link this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.
6.5 The list of "analytical and statistical" cookies:
"MARKETING" COOKIES
6.6 The Administrator and his trusted partners also use cookies for marketing purposes, e.g. in connection with directing behavioural advertising to Users. For this purpose, the Administrator and trusted partners store information or gain access to information already stored in the User's telecommunication end device (computer, telephone, tablet etc.). The use of cookies and personal data collected through them for marketing purposes, in particular to promote third party services and goods, requires the User's consent. This consent may be withdrawn at any time. Cookie files used for this purpose include:
6.6.1. multimedia player session cookies (e.g. flash player cookies), for the duration of the session;
6.6.2. persistent user interface customization cookies for the duration of the session or slightly longer,
6.7 The list of "marketing" cookies:
7. THE PERIOD OF PROCESSING OF PERSONAL DATA
7.1 The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data shall be processed for the duration of the service provision or the execution of an order, until the consent expressed is withdrawn or an effective objection to the data processing is raised in cases where the legal basis for the data processing is the legitimate interest of the Administrator.
7.2 The period of processing may be extended where the processing is necessary for the establishment and assertion of possible claims or defences against them, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data shall be irreversibly erased or rendered anonymous.
7.3 The information obtained by the Administrator by means of cookies shall be stored no longer than necessary to achieve the purposes for which the information was collected. A User may at any time withdraw his consent to the Administrator's processing of data obtained from analytical, statistical and marketing cookies, as well as delete cookies from his Internet browser. Withdrawal of consent does not affect the legality of data processing until the withdrawal of consent.
8. USER RIGHTS
8.1 The User shall have the right to: access the content of the data and demand their correction, deletion, restriction of processing, the right to transfer the data and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data.
8.2 To the extent to which User's data is processed on the basis of consent, it may be withdrawn at any time by contacting the Administrator or using the functionalities made available in the Service, including in the "My Profile" or "My Account" and "My Consents" tab.
8.3 The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the Administrator's legitimate interest, as well as - for reasons related to the User's specific situation - in other cases where the legal basis for the processing is the Administrator's legitimate interest.
9. RECIPIENTS OF DATA
9.1 In connection with the provision of services, personal data shall be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities providing accounting services, personal data protection services, marketing agencies (in the scope of marketing services) and entities related to the Administrator, including companies from its capital group, as well as law firms, tax and audit firms.
9.2 In case of obtaining the User's consent, the Administrator may address to the User marketing content containing commercial information of the Administrator's business partners.
9.3 The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
10. TRANSMISSION OF DATA OUTSIDE THE EEA
10.1 The level of protection of personal data outside the European Economic Area (EEA) is different from that provided by European law. For this reason, the controller transfers personal data outside the EEA with an adequate level of protection, primarily through:
10.1.1. cooperation with entities processing personal data in countries in respect of which a relevant European Commission decision has been issued;
10.1.2. use of standard contractual clauses issued by the European Commission;
10.1.3. application of binding corporate rules, approved by the competent supervisory authority;
10.2 The controller shall always inform about the intention to transfer personal data outside the EEA at the stage of their collection.
11. PERSONAL DATA SECURITY
11.1 The controller shall conduct a risk analysis on an ongoing basis in order to ensure that personal data are processed in a secure manner - ensuring in particular that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
11.2 The controller shall take all necessary steps to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data upon the controller's order.
12. CONTACT DETAILS
12.1 Contact with the Administrator is possible via e-mail: dataprotection@insbuy.app or in writing to the address of the Administrator's seat.
12.2 The controller has appointed a Data Protection Officer who can be contacted by e-mail: dataprotection@insbuy.app or in writing to the address of the Administrator's seat, in any case concerning the processing of personal data.
13. CHANGES IN PRIVACY POLICY
13.1 The policy is reviewed on an ongoing basis and updated when necessary. The current version of the Policy has been adopted and is effective since October 9, 2020.
