- The controller of personal data collected via the Website is Wojciech Dasiukiewicz, registered in the Central Register and Information on Economic Activity under the name „Wojciech Dasiukiewicz OCTOCODE”, address Osiek nad Notecią, ul. Kasztanowa 1, 89-333 Osiek nad Notecią (Poland); tax id no. (NIP): 7642656562; email: firstname.lastname@example.org, website: https://zencal.io/; (hereinafter referred to as the „Controller”).
Ways and purposes of personal data processing
Using the Website involves the processing of User’s personal data for the following purposes:
- Contacting the Controller – for this purpose, User provides their email address, name, surname and other data contained in the message. Providing an email address is voluntary, but necessary to contact the Controller via email. In this case, personal data is processed in order to contact the User, and the basis for processing is the User’s consent resulting from the initiation of contact (Article 6 (1) (a) of the GDPR). The data will also be processed after contacting the Controller. The legal basis for such processing is the legitimate purpose of archiving correspondence for the purpose of documenting its course in the future (Article 6 (1) (f) of the GDPR).
- Setting up and maintenance of a User account – for this purpose, the Controller processes personal data provided by the User in the registration form, i.e. name, email address and password and in the account settings, i.e. telephone number, nickname. The legal basis is Article 6 (1) (b) of the GDPR, i.e. performance of a contract for the provision of services.
- Settlement of paid services – for this purpose the Controller processes personal data provided by the User through the account, such as: name and surname, company name, tax identification number, correspondence address and payment card details – pursuant to art. 106e section 3 of the Act of March 11, 2004 on tax on goods and services and Article 6 (1) (c) of the GDPR, in order to fulfill the legal obligation incumbent on ADO, in the form of the obligation to issue a VAT invoice, as well as Article 6 (1) (b) of the GDPR in order to perform the contract for the provision of services.
- Complaint handling – for this purpose, the Controller may process some personal data provided by the User, as well as data on the use of services that are the cause of the complaint or questions, data contained in the documents attached to the complaint or questions – pursuant to Article 6 (1) lit. b GDPR, in order to fulfill the obligation to consider the complaint, as well as Article 6 (1) (f) GDPR, i.e. the legitimate interest of the Controller, consisting in improving the quality of the Services and building positive relationships with Users;
- Cookies on the Website – on the basis of User’s consent (Article 6 (1) (a) GDPR).
- Analyzing data collected automatically when using the Website – in this case, personal data is processed on the basis of the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR).
- Processing for archival and evidence purposes, for the purposes of securing information that may be used to prove facts – this is a legitimate interest of the Controller (Article 6 (1) (f) of the GDPR).
- Confirmation of the performance of the Controller’s obligations and pursuit of claims or defense against claims that may be directed against the Controller, as well as for the purpose of preventing or detecting fraud – based on the Controller’s legitimate interest, which is the protection of rights, confirmation of the performance of obligations and obtaining due remuneration from Users (Article 6 (1) (f) of the GDPR).
- Sending the Newsletter – pursuant to Article 6 (1) (a) GDPR, i.e. the User’s consent granted before subscribing to the Newsletter, and for the purpose of implementing direct marketing addressed to Users, pursuant to Article 6 (1) (f) GDPR, i.e. the legitimate interest of the Controller.
- Personal data is not processed for the purpose of automated decision making without the express consent of the Users.
Personal data sharing
Personal data may be transferred to the following entities whose services are used by the Controller in order to run the Website and to provide services through it:
- UAB “MailerLite”, J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania;
- DigitalOcean, LLC, 101 Avenue of the Americas, 10th Floor New York, NY 10013);
Internet traffic monitors:
- Google LLC. (1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA)
- Facebook, Inc. (1 Hacker Way, Menlo Park, CA 94025, USA)
Entities providing social plugins:
- Facebook, Inc. (1 Hacker Way, Menlo Park, CA 94025, USA)
The purpose and scope of data collection and their further processing and use by service providers referred to in clause 1, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings that ensure privacy protection are described in the privacy policies of those service providers.
Period of personal data storage
The Controller stores personal data for as long as it is necessary to achieve the purposes for which they were collected. Usually, personal data is stored for the duration of the use of individual services, until the contract for the provision of a given service is terminated, unless a longer statutory storage period applies.
After deleting the User’s account, the User’s personal data will be anonymized, with the exception of the following data: name, surname, e-mail address, purchase and payment history and information about the consent (these data will be stored for a period of 6 years from the removal of the Account for the purpose of considering complaints and possible claims. related to the use of services).
Users’ personal data contained in cookies are stored for a period corresponding to the life cycle of cookies stored on their devices (see section VI).
Data collected as part of complaints and questions are processed for the period necessary to consider a given complaint or question, but no longer than for a period of 3 years from the receipt of a given message. If a given message constitutes or may constitute evidence in proceedings before a court or other state authority, the Controller may store such messages and the personal data contained therein until the final conclusion of the proceedings.
When the basis for the processing of personal data is the legitimate interest of the Controller, they will be stored until the Controller recognizes the objection raised to the processing of data for these purposes as effective.
User’s rights in connection with the processing of personal data
After logging into the account, the User has access to the personal data provided by them and may:
- correct, change or delete personal data,
- delete the account, which results in the deletion of data, subject to section IV.
The User has the right to limit the processing of their personal data, to object to the processing and the right to transfer data (in the form of an exported .pdf file) upon request to the Controller in the form of an e-mail to the Controller’s address.
In order to prevent the re-registration of people whose account has been blocked due to unauthorized use of Zencal, the Controller may refuse to delete the data necessary to block the possibility of re-registration (legal basis: Article 19 section 2 point 3 in connection with Article 21 section 1 of the Act of July 18, 2002 on the provision of electronic services).
The user has the right to lodge a complaint with the supervisory body – the President of the Personal Data Protection Office.
Requests will be implemented without undue delay, not later than within 30 days from the date of receipt of the request. Within this period, the Controller will answer or inform about a possible extension of the deadline and explain the reasons. If the Controller has doubts as to whether a specific request was made by an authorized person, he may ask a few additional questions to verify the identity of the applicant.
- Cookies are digital data, in particular small text information, saved and stored on devices (e.g. computer, tablet, smartphone) through which the User uses the Website’s pages.
- Cookies used by the Controller are safe for Users’ devices. In particular, it is not possible for viruses or other unwanted software or malware to enter Users’ devices this way. Cookies allow us to identify the software used by the User and individually adjust the functionality of the Website. Cookies usually contain the name of the domain they come from, the storage time on the device and the assigned value.
Types of Cookies and their purpose
The Website uses three types of Cookies:
- own Cookies – used to ensure the proper operation of the Website.
- Google Analytics i Google Search Console – tools provided by Google LLC, used to create statistics and analyze them in order to optimize the Website. They automatically collect information about the User’s use of the Website. The information collected in this way is most often transferred to a Google server in the United States and stored there. Due to the IP anonymization activated by the Controller, the User’s IP address is shortened before forwarding. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. The anonymized IP address provided by the User’s browser is, as a rule, not combined with other Google data. Due to the fact that Google LLC is based in the USA and uses technical infrastructure located in the USA, it uses the model contractual clauses approved by the European Commission to ensure an adequate level of personal data protection required by the GDPR. In order to prevent the collection of data collected by this type of Cookies by Google, as well as the processing of this data by Google, the User may install a browser plug-in at: https://tools.google.com/dlpage/gaoptout. Details related to data processing as part of Google Analytics are available at https://support.google.com/analytics/answer/6004245.
- The User may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access to the User’s device via Cookies. Changes to the settings referred to in the previous sentence can be made by the User using the settings of their web browser. These settings can be changed in particular in such a way as to block the automatic handling of Cookies, or to inform about them each time Cookies are placed on the User’s device. Detailed information on the possibilities and methods of handling cookies is available in browser settings.
Using the Website involves sending inquiries to the server on which the Website pages are stored. Each query directed to the server is saved in the server logs. Logs include User’s IP address, server date and time, information about the web browser and the User’s operating system. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific Users and are not used by the Controller to identify Users. The server logs are only auxiliary material used to administer the Website and their content is not disclosed to anyone except those authorized to administer the server.
Social media plugins
- The Website includes a Facebook Messenger plugin. If the User uses a plug-in, e.g. by starting a chat, the relevant information will be sent directly to the Facebook server and stored there.
In order to subscribe to the Newsletter, the User provides the Controller with the following personal data: email address, name, surname, via the subscription form available on the Website. Providing this personal data is voluntary, but necessary to subscribe to the Newsletter.
Security and personal data protection authority
- The Controller guarantees the confidentiality of all personal data provided to him. The Controller ensures that all security and personal data protection measures required by law are taken. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.
- If you believe that the Controller is processing personal data unlawfully, you can file a complaint with the competent authority, which is the President of the Personal Data Protection Office of Poland (Prezes Urzędu Ochrony Danych Osobowych).