Privacy policy
In a sense of responsibility for the privacy, confidentiality and integrity of the processed personal data, in accordance with the applicable provisions on the protection of personal data, fulfilling the information obligation resulting from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation), hereinafter: GDPR, FEEDTECH SpóÅ‚ka z o. o. with its registered office in Warsaw publishes the following document, which is a data protection policy in the meaning of the GDPR.
PERSONAL DATA ADMINISTRATOR
1. The administrator of personal data is FEEDTECH Sp. z o. o. at ul. Stawki 2A/42, 00-193 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number: 0000988063 , REGON: 522870760, NIP: 5252920116, share capital PLN 50,000.00 (fully covered).
2. Administrator contact details :
Address: ul. Stawki 2A/42, 00-193 Warsaw
e-mail: office@feedtech.pl
additionally, the Administrator informs about the possibility of contact via the contact form available on the feedtech.pl website
PURPOSE AND LEGAL BASIS OF PROCESSING
1. The administrator indicates the purposes and legal basis for the processing of personal data:
Purpose of processing
Ongoing service and execution of orders placed by the Administrator's customers and contractors, including maintaining databases containing address data of the Administrator's customers and contractors. E-mail and telephone contact in the field of technical customer service, commercial inquiries and handling commercial transactions.
Answering Customers' questions via the online form available on the Administrator's website.
Legal basis for processing
Necessity for the performance of the contract - art. 6 section 1 lit. b) GDPR, i.e. processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding the contract.
Consent of the data subject - art. 6 section 1 lit. a) GDPR, i.e. the data subject has consented to the processing of his personal data for one or more specific purposes.
Legal interest of the Administrator - art. 6 section 1 lit. f) GDPR, including the economic interest in improving the quality of services provided while ensuring the security and proper operation of the IT tools used.
Depending on the purpose of processing described above, providing personal data is a statutory or contractual requirement or a condition for concluding a contract, and the data subject is obliged to provide it. In the event of a refusal to provide the required personal data, the Administrator reserves the right to refuse to establish cooperation or perform a service for the data subject.
The scope of processed personal data is specified in the contact form.
TRANSFER OF PERSONAL DATA
1. The administrator cooperates on the basis of an agreement with the following categories of entities to which personal data may be transferred:
a) entities dealing with postal and courier activities (i.e. inPost, DHL);
b) entities involved in service activities in the field of information and computer technologies, supporting the operation of internet portals, managing websites (hosting) and providing IT tools to run the Administrator's day-to-day activities (i.e. Microsoft, Salesforce, Google, Clickmeeting);
c) Entities engaged in accounting and bookkeeping activities;
d) The Administrator's contractors - producers to whom commercial data is transferred primarily as part of their business activities.
2. In connection with the processing of data for the purposes of ongoing customer service and the Administrator's use of information and computer technology tools (Microsoft, Salesforce, Google, Clickmeeting), personal data may be transferred to third countries. This also applies to countries outside the European Economic Area without an adequate level of data protection (especially the USA). For this type of transfer, we rely on the Standard Contractual Clauses used by our partners. The entities whose services the Administrator uses have been selected to ensure a high level of security and guarantee the security of personal data.
More information about the processing of personal data by our partners can be found at the following links:
Microsoft Privacy Policy | Microsoft Trust Center
Privacy Policy - Privacy & Terms - Google
RIGHTS OF DATA SUBJECTS
1. The Administrator informs that the data subject has the right to: request the Administrator to access his personal data, rectify personal data, delete or limit the processing of personal data, object to processing, as well as to transfer personal data.
2. The data subject has the right to withdraw consent to processing at any time, which, however, does not affect the lawfulness of processing based on consent before its withdrawal.
3. The above rights are exercised through direct contact of the data subjects with the Administrator.
4. The data subject has the right to lodge a complaint with the supervisory authority. The function of the supervisory authority in Poland is performed by the President of the Office for Personal Data Protection.
PERIOD OF STORAGE OF PERSONAL DATA
1. The administrator strives to shorten the period of storage of personal data in accordance with the principle of limiting storage. The administrator does not store personal data indefinitely, and adjusts the period of their storage to the purposes for which they were collected.
2. The criteria for determining the period of personal data storage by the Administrator are the provisions of generally applicable law, including the provisions on limitation periods, as well as a legitimate legal interest resulting from the nature of the Administrator's activity, the need to ensure the implementation of maintenance and warranty services, after-sales customer service, maintaining business relationships and developing exchange commercial.
3. The administrator allows for the possibility of extending or shortening the period of personal data storage due to a legitimate legal interest, e.g. in connection with pending court proceedings.
PROFILING AND COOKIES
1. The administrator does not conduct profiling processes that may result in making decisions that have legal effects or affect the data subjects in a similarly significant way.
2. Notwithstanding the above, the Administrator informs that he uses Google Analytics and Facebook Pixel tools to optimize the services provided and for analytical purposes.
DUTIES OF THE ADMINISTRATOR
1. The Administrator keeps a Register of Personal Data Processing Activities (hereinafter: the Register). The register is a form of documenting data processing activities, in which the Administrator records the way in which he processes personal data.
2. In the Register, for each data processing activity that the Administrator considered separate for the purposes of the Register, at least: (i) the name of the activity, (ii) the purpose of processing, (iii) description of the category of persons, (iv) description of the data category, (v ) the planned date of deletion of the data category, (vi) description of the category of recipients of personal data (including processors), (vii) description of technical and organizational security measures, (vii) information about the transfer outside the EU/EEA.
3. The administrator ensures an appropriate level of data security by:
1) risk analysis procedure for data processing activities or categories thereof;
2) a data protection impact assessment procedure where the risk of violating the rights and freedoms of persons is high;
3) adapting data protection measures to the identified risks;
4) The administrator records all cases of personal data protection violations, regardless of the severity of the violation, in order to implement the principle of accountability and ensure transparency of personal data processing.
5) In the event of a violation of the protection of personal data, the Administrator assesses whether the violation could have caused a risk of violation of the rights or freedoms of natural persons.
6) In any situation where the breach could result in a risk of infringement of the rights or freedoms of natural persons, the Controller shall report the breach of data protection principles to the body supervising the processing of personal data without undue delay - if feasible - no later than within 72 hours after finding the breach.
7) If the risk of violation of rights and freedoms is high, the Administrator also notifies the data subject of the incident.
SECURITY OF PERSONAL DATA
1. The data controller will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of the user's personal data.
2. The administrator will store all personal data that will be provided on secure servers (password and firewall protected).
AMENDMENTS
We may update this policy from time to time by posting a new version on our website. You should check this page from time to time to ensure you understand any changes to this policy.
FINAL PROVISIONS
1. The Administrator reserves the right to change the Privacy Policy.
2. The Privacy Policy was last updated on August 28, 2023.