Privacy Policy

Privacy Policy www.apnpromise.pl

 

General information

By using the services of www.apnpromise.pl („Website”), you can provide APN Promise your identity data.

We understand that the right to privacy and the security of personal data is extremely important. Therefore, we care about maintaining the highest security standards, in particular by applying appropriate technological and legislative solutions preventing interference by unauthorized entities in the privacy of our Clients, Partners or Users of our Websites.

All activities related to the collection and processing of all data are aimed at guaranteeing the User a sense of complete security at a level appropriate to applicable law, including Regulation (EU) 2016/679 of the European Parliament and ot the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

Please be advised that the Service may also include external links enabling direct access to other websites (e.g. Facebook, LinkedIn). Each of the suppliers defines the rules of using cookies in their privacy policy, therefore we have no influence on the privacy policy of the providers and their use of Cookies.

For security reasons, we recommend that before you use the resources offered by other websites, read the document regarding the privacy policy, if they have been made available, or in the absence of them contacted by the administrator of the site or service in order to obtain information in this subject.

This privacy policy will tell you:

  • why we are able to process your information
  • what purpose we are processing it for
  • whether you have to provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information
  • what rights you have

Controller

The entity deciding on the purposes and methods of using your data (i.e. its administrator in accordance with the GDPR regulations) is:

A.P.N. Promise S.A. (Domaniewska 44A, 02-672 Warsaw), entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under number 0000375933, Tax Identification Number: 5210088682, share capital PLN 1 050 060.60 (paid up in full).

There are many ways You can contact us, including by phone, email and post.

  • Phone: +48 (22) 355 16 00
  • e-mail: promise@promise.pl or iodo@promise.pl,
  • Postal address: Domaniewska 44A Street, 02-672 Warszawa

Personal data protection contact

In order to ensure the security of data collected by us and the necessity of constant monitoring of their processing, we have appointed a person responsible for the protection of personal data.

You can contact the appointed person in all matters regarding data processing and in order to execute your rights to the processing.

Address: A.P.N. Promise S.A., personal data protection

Domaniewska 44A Street, 02-672 Warsaw
E-mail: iodo@promise.pl

Security

We approach the protection of data concerning you appropriately and constantly develop our systems and security processes. The security measures we use include:-         limited physical access to our buildings and user access to our systems – only for those who are authorized-         control mechanisms such as firewall, user verification, strong data encryption and separation of roles, systems and data-         proactive monitoring We also use the highest standards in the industry to support the maintenance of a robust information security management system.

What data are we processing?

Most of the personal data we process is provided directly to us due to one of the following reasons:

  • you are our Client, Partner or your data has been provided to us by your employer or Partner,
  • you use our services (data that you leave in the so-called Cookies),
  • we serve as the processor of the Customer who is the administrator of your data and these data have been made available to us in the scope of cooperation that binds us with the Client,
  • we obtained it directly from you or from a third party authorized to provide us with your information,
  • you have submitted a complaint, reclamation or inquiry to us,
  • you represent your organization.

We try to collect data to the extent necessary to carry out specific activities or services, which is why each time we precisely indicate the scope of information we need or mark them as required.

We also store http queries addressed to the server. The browsed resources are identified by URL addresses and concern, among others, public IP address of the terminal device from which the query came, time of arrival of the query, number of data sent by the server, URL of the page previously visited by the User (link referer) – when the Website was accessed via an external reference, information about errors that occurred during execution of the http transaction.

The legal basis for the processing of personal data

In any case, when we process your personal data, we must have so-called “Legal basis”. The legal basis results directly from the provisions of the law on the protection of personal data (article 6 of the GDPR), below are those on which we most often rely:

  • Consent (article 6 (1) (a) of the GDPR): You indicated to us that you agree to the processing of your data for a specific purpose, e.g. to receive marketing messages by electronic means of communication,
  • Legitimate interests (article 6 (1) (f) of the GDPR): only if processing is necessary for us to conduct our business and it does not interfere with the right to privacy, for example to ensure the security of our services, improve quality and availability Website services, profiling,
  • Execution of the contract (article 6 (1) (b) of the GDPR): we need to process your personal data in order to be able to provide you with one of our products or one of our services, eg. service of the Website,
  • Legal claims (article 6 (1) (a), (b), (c), (f) of the GDPR): where processing is necessary to establish, enforce or defend our legal claims,
  • Legal obligation (article 6 (1) (c) of the GDPR): when, under legal provisions, we are obliged to process your personal data.

How we use personal data?

There are many ways and possibilities to use personal data concerning you, depending on how you interact with us or our Partners for example, if you do not provide us with information about you as required, we will not be able to enable you to use individual services or contact you.

We may also want to tell you about products and services that we think may interest you. If we have your consent or it is in our legitimate interest, we can do it via e-mail, SMS, using the Website or other electronic means of communication.

How long do we keep your personal data ?

We store your data for strictly defined purposes and in accordance with the relevant regulations. We never store data longer than necessary to achieve the specific purpose for which it was collected. We store your data:- for the period necessary until the completion of the contract for the provision of services, and after that for the period and to the extent required by law or to secure any claims,- for a period necessary to comply with the legal obligations incumbent upon us, and after that for a period of time and to the extent required by law or to secure any claims, – until you withdraw your consent to the processing of personal data – if the processing takes place on the basis of a prior consent,- for the period necessary until you have completed a legally justified interest as the basis for the processing or until you object to such processing.

Is there an obligation to provide data?

As a rule, providing personal data is completely voluntary, however, it may be necessary for the implementation of specific services or your requests, for example in terms of contact, use of individual services, implementation of your processing rights, etc. Providing the data may also be necessary due to the applicable law.

The consequence of not providing adequate information may be the inability to act for a specific purpose.

The recipients of the personal data

In addition to us, access to data can also be obtained by service providers with whom we cooperate, and who help us deliver products and services that you expect from us or support us in your business. These entities process personal data on our behalf and must meet high security standards.

To entities with access to data, we only provide information that allows us to provide services to us or facilitate their provision to you.

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

Transfer of data to the so-called third country

We may transfer your personal data to our suppliers, partners or service providers located outside of the European Economic Area (EEA) to the purposes of processing. In any case, if your data can be found outside the EEA, we will inform you about it.

At the same time, taking care of the security of your data, we strictly follow the rules of their transfer resulting directly from the GDPR and provide data only where the degree of security is guaranteed in accordance with the decisions of the European Commission (e.g. to the US only to entities on the so-called Privacy Shield list).

Your data protection rights

Your personal data will be processed for the purposes of providing proper service and, if you submit such a statement, in order to: send you messages, conduct direct marketing, in particular for the purpose of sending commercial information. Remember that you can contact us at any time to obtain information about the use of your personal data and you have rights:

Right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Right to erasure

You have the right to ask us to erase your personal information in certain circumstances. You can ask us to delete data about you and, in some circumstances, We must then do so. This is known as the right to erasure. You may sometimes hear it called the ‘right to be forgotten’. You should contact us and let us know what you want erased. You don’t have to ask a specific person – you can contact any part of our organisation with your request. A request can be verbal or in writing. We recommend you follow up any verbal request in writing because this will allow you to explain your concern, give evidence and state your desired solution.

We Can refuse to erase your data in the following circumstances:

  • when we are legally obliged to keep hold of your data
  • when keeping your data is necessary for establishing, exercising or defending legal claims

Right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances ex. a challenge you have made to the accuracy of your data, or an objection you have made to the use of your data.

Right to object to processing

You have the right to object to the processing (use) of your personal data in some circumstances. If we agrees to your objection, we must stop using your data for that purpose unless we can give strong and legitimate reasons to continue using your data despite your objections.

You have an absolute right to object to us using your data for direct marketing – in other words, trying to sell things to you. This means it must stop using the data if you object.

Right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Right to withdraw consent

If your data is processed on the basis of consent, You can use the right to withdraw it at any time – remember that this withdrawal does not affect the compliance of the processing before it is made.

Right to lodge a complaint with a supervisory authority

If You consider that the processing of your data infringes GDPR without prejudice to any other administrative or judicial remedy, You have the right to lodge a complaint with a supervisory authority in particular in the Member State (EU) of Yours habitual residence, place of work or place of the alleged infringement.

Execution of your rights

You can request the execution of your rights in oral or written form. If you give us your request orally, we recommend that you also send it in writing or via email – in order to leave a clear evidence of your correspondence. This will also provide us with confirmation of your position or requests and will allow us to respond to your requests and in accordance with the content of your expectations as soon as possible.

You are not required to pay any charge for exercising your rights.

We can also refuse your request if it is ‘manifestly unfounded or excessive’. In any case w‘ll need to tell you and justify our decision. We should also let you know about your right to complain to the supervisory authority, or through the courts.

We have one month to respond to your request. In certain circumstances it may need extra time to consider your request and can take up to an extra time. If we are going to do this, we’ll let you know within one month that we need more time and why.

We might need you to prove your identity. However, we‘ll only ask you for just enough information to be sure you are the person whose data it holds. If we do this, the one-month time period to respond to your request begins from when we receive this additional information.

There are many ways You can contact us, including by phone, email and post.

  • Phone: +48 (22) 355 16 00
  • e-mail: promise@promise.pl or iodo@promise.pl
  • Postal address: Domaniewska 44A Street, 02-672 Warszawa or
  • using the contact form on the Website

 

Cookies

The Website uses cookies that are text files, which are stored on the User’s device. Cookies typically contain the name of the website from which time store them on a terminal device and a unique number.

Cookie files are not to collect any data about the user but to set his personal preferences. For us, cookies are to better understand traffic on our website, for further improvements, updates and maintenance.

You can decide about how cookies are stored on your device. To do this, change the settings/preferences in the web browser. The default settings for popular browsers usually allow you to store Cookies. By using this Website you expressly consent to the use of cookies in accordance with the browser settings.

We use Cookies for the following purposes:

  • providing Website services
  • facilitate the use of the Website while browsing
  • subsequent identification in the event of the Service being re-connected to the device on which it was saved
  • creating statistics that help us to understand how Website Users use websites, which allows improving their structure and content
  • the adaptation of web content to the specific preferences of the service and optimize the use of websites tailored to the individual needs of the user
  • exchange of information with Partners to mediate in the provision of their services

What Cookies do we use?

We use the following Cookies:

  • „session” – which are stored in the User’s device until they leave the website or turn off the web browser
  • „permanently” – stored on the User’s device for a definite period of time in Cookie parameters or until they are deleted by the User
  • „performance” – enabling the collection of information on the use of Website pages
  • „functionality” – enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region)
  • „own” – posted by us
  • „external” – coming from an external site than the Website

Managing your browser settings

Software for browsing websites, i.e. a web browser, usually allows cookies to be stored in the User’s end device by default. You can change the settings in this area. The web browser allows you to delete cookies. It is also possible to automatically block cookies. For detailed information on this subject, please refer to the help or documentation of the web browser you are using.