Controller, we, us – Devapo sp. z o. o. with its registered office in Warsaw, Aleje Jerozolimskie 100, 05-077 Warsaw, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw XIII Commercial Division of the National Court Register under no. 0000762836, NIP: 5213850305, REGON: 382047422
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
Website – a website maintained at the adress https://devapo.io/
II. What do we use personal data for? – purposes and legal bases of data processing
1. Use of the Website
Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
- to provide electronic services in the scope of providing Users with content collected on the Website, including on the blog – then the legal basis for processing is the necessity of processing for the performance of the agreement (Article 6.1. b GDPR)
- for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in conducting analyses of Users’ activity as well as their preferences to improve the functionalities used and services provided
- to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in the protection of his rights
The User’s activity on the Website, including his personal data, is recorded in system logs (i.e., in a special computer program used to store a chronological record containing information about events and activities that relate to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR).
The Controller processes Users’ personal data to carry out marketing activities, which may consist in:
- displaying marketing content to the User corresponding to his interests
- sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service)
- conducting other types of analytical and statistical activities, as well as related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities)
To carry out marketing activities, the Controller in some cases uses profiling. Pprofiling allowsfor a better matching of the displayed content to the individual preferences and interests of the User.
Subscribing to the newsletter involves the processing of the User’s personal data. Providing data marked as mandatory is required in order to accept and handle the order for the newsletter service. Personal data is processed in order to:
- implementation of the newsletter sending service – the legal basis for processing is the necessity of processing for the performance of the contract (Article 6.1. b GDPR)
- in the case of sending marketing content to the User as part of the newsletter – the legal basis for processing, including the use of profiling, is the legitimate interest of the Controller (Article 6.1. f GDPR) in connection with the consent to receive the newsletter
- analytical and statistical – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in conducting analyses of Users’ activity on the Website to improve the functionalities used
- possible determination and pursuit of claims or defense against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in the protection of his rights
3. Contact form
To contact the Controller via the form available on the Website, please provide the data indicated therein. Providing data is voluntary, but if you do not do it, it will not be possible to send a message using the form (you do not have to provide a phone number, but it may improve our communication). Personal data is processed in order to:
- communication with the User, handling his inquiry, including responding to the message – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR); in the scope of data provided optionally, the legal basis for processing is consent (Article 6.1. a GDPR)
- possible determination and pursuit of claims or defense against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in the protection of his rights.
As a rule, we will process your data until the end of communication with you, unless the law obliges Nas to oblige to process this data longer or we will store it longer in the event of potential claims, for the period of limitation specified by law, in particular the Civil Code.
4. Contact by phone and e-mail
You can contact the Controller by phone or e-mail. The Controller uses personal data only to answer the User’s questions provided in an e-mail or during a telephone conversation.
The legal basis for data processing is Art. 6.1. f GDPR. The legitimate interest pursued by the Controller results from the willingness to answer your questions.
The Controller will process the data until the end of the case, which is the subject of an inquiry or objection to the processing of personal data. After the expiry of the indicated periods, we will store personal data if the Controller is obliged to do so under the law for the period provided for in these provisions or to pursue legitimate interests for the period of limitation of claims. Providing personal data is voluntary, but necessary to answer the question.
5. Profiles on social networks Facebook and LinkedIn
The Controller has public profiles on social networks Facebook and LinkedIn. Therefore, it processes the data left by visitors to these profiles (m.in comments, likes, online IDs). Personal data of such persons are processed:
- to enable them to be active on their profiles
- to effectively run profiles, by providing portal users with information about the Controller’s initiatives and other activities and in connection with the promotion of various types of events, services and products
- for statistical and analytical purposes
- alternatively, they may be processed for the purpose of pursuing claims and defending against claims
The legal basis for personal processingis the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in promoting the Controller brand and improving the quality of services provided, as well as possible pursuit of claims and defense against claims.
Personal data is processed:
- if the preferred form of employment is an employment contract – to perform obligations arising from the law related to the employment process, including primarily the Labor Code – the legal basis for processing is the legal obligation incumbent on the Controller (Article 6.1. c GDPR in connection with the provisions of labor law)
- if the preferred form of employment is a civil law contract – to conduct the recruitment process – the legal basis for the processing of data contained in the application documents is to act before concluding the contract at the request of the data subject (Article 6.1. b GDPR)
- to carry out the recruitment process in the scope of data not required by law or by the Controller, as well as for the purposes of future recruitment processes – the legal basis for processing is consent (Article 6.1. a GDPR)
- to verify the qualifications and skills of the candidate and to determine the terms of cooperation – the legal basis for data processing is the legitimate interest of the Controller (Article 6.1. f GDPR). The legitimate interest of the Controller is to verify candidates for work and determine the terms of possible cooperation
- to establish or pursue by the Controller any claims or defend against claims directed against the Controller – the legal basis for data processing is the legitimate interest of the Controller (Article 6.1. f GDPR)
As part of recruitment processes, personal data should be transferred (e.g., in a CV) only to the extent specified in the provisions of labor law. If the submitted applications contain additional data beyond the scope indicated by the provisions of labor law, their processing will be based on the candidate’s consent (Article 6.1. a GDPR).
To the extent that personal data are processed based on consent, it can be withdrawn at any time, without affecting the lawfulness of the processing carried out before its withdrawal. In the case of consent for the purposes of future recruitment processes, personal data is deleted no later than after two years [KRPPG2] – unless the consent has been withdrawn beforehand. Providing data in the scope specified in Article 22(1) of the Labour Code is required – in the case of the candidate’s preference for employment based on an employment contract – by legal provisions, including primarily the Labour Code, and in the case of preferring employment based on a civil law contract – by the Controller. The consequence of not providing this data is the inability to consider a given candidacy in the recruitment process. Providing other data is voluntary.
- Session – this is temporary information stored in the browser’s memory until the end of the browser session, i.e., until it is closed. They are necessary for the proper operation of some functionalities.
- Persistent – Persistent files are deleted automatically after a certain period, which may vary depending on the type of file. You can delete these cookies at any time using the security settings of your browser.
Types of cookies we use and similar technology
Necessary cookies –
These cookies are necessary for the website to function and cannot be switched off in our systems. These cookies are installed for the purpose of remembering login sessions or filling out forms, as well as for purposes related to setting privacy options. The legal basis for data processing in connection with the use of necessary cookies is the necessity of processing for the performance of the agreement (Article 6.1. b GDPR).
Analytics and Functional cookies –
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us know which pages are the most and least popular and see how visitors move around the Website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.
Functional cookies remember and adapt the website to the User’s choices, e.g., language preferences. You can set your browser to block or warn you about necessary and functional cookies, however, this will cause some parts of the Website to not work properly.
The legal basis for the processing of personal data in connection with the use of functional and analytics cookies by the Controller, for this purpose is its legitimate interest (Article 6.1. f GDPR). The processing of personal data in connection with the use of analytics and functional cookies is subject to obtaining the User’s consent to the use of (separately) functional and analytics cookies through the cookie consent management platform. This consent may be withdrawn at any time via this platform.
Targeting cookies –
Targeting cookies may be set through our site by our advertising partners. They can be used by these third parties to build a profile of your interests based on the browsing information they collect from you, which includes uniquely identifying your browser and terminal equipment. If you do not allow these cookies you will still see basic advertising on your browser that is generic and not based on your interests.
The legal basis for the processing of personal data in connection with the use of advertising cookies by the Controller, for this purpose is his legitimate interest (Article 6.1. f GDPR). The processing of personal data in connection with the use of advertising cookies is possible after obtaining the User’s consent to the use of consent through the consent management platform. This consent may be withdrawn at any time via this platform.
The tools used by the Controller are:
- Google Adwords (Conversion) – we use Google Adwords cookies to customize the ads and content displayed to you on our Website
- Facebook Pixel – The Facebook Pixel helps you measure the effectiveness of your ads and optimize your advertising activities on social media platforms
Detailed information about the cookies used by the Controller can be found here.
Deleting / blocking cookies
Detailed information about the possibilities and ways of handling cookies are available in the software (web browser) settings.
Change your privace settings
IV. Period of personal data processing
The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the provision of the service or the execution of the order, until the consent is withdrawn or an effective objection to the processing of data is submitted in cases where the legal basis for data processing is the legitimate interest of the Controller. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after this time only in the case and to the extent required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
V. Transfer of personal data
Your personal data may be transferred to third parties who support us in providing the services offered, m.in suppliers and partners:
- technology-related services (for example, support for our Website)
- providing marketing and advertising services
- providing logistics, transport and delivery services
- providing legal services
- other services related to the handling of the User, the customer.
We only share personal data with our suppliers and partners that enable them to provide services to us and require them to maintain the confidentiality and security of information. We also verify that they provide adequate measures to protect personal data.
In addition, the User’s personal data may be disclosed to entities authorized to obtain them based on applicable law, e.g., supervisory authorities, law enforcement authorities or courts.
Personal data may be transferred to a third country, i.e., a country outside the European Economic Area (EEA) based on:
- standard contractual clauses approved by the European Commission – Article 46.2. c GDPR
- a decision of the European Commission stating an adequate level of protection – Article 45.1. GDPR
VI. Rights of data subjects
The data subject has:
- Right to access (Article 15 GDPR), i.e., requesting information from the Controller about the processing of their personal data, i.e., confirming whether the personal data of the person to whom they relate are being processed. If data about a person are processed, he or she is entitled to access them, obtain a copy thereof and to obtain the following information: about the purposes of processing, categories of personal data, information about recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or criteria for determining them, about the rights of the person related to the processing of his personal data, about the possibility of submitting a complaint to the supervisory authority, about the source of obtaining personal data if they have not been obtained directly from the data subject and about profiling and automated processing of decisions
- Right to rectification (Article 16 GDPR), i.e., if a person becomes aware that his personal data processed by the Controller are incorrect, outdated or incomplete, he has the right to request their immediate rectification or supplementation
- Right to be forgotten / Right to erasure (Article 17 GDPR), i.e., may request the deletion of their personal data, whereby, if the person has consented to the processing of personal data, the request for deletion will have the same effect as the withdrawal of consent
- Right to restrict Processing (Article 18 GDPR), i.e., to request the cessation of their processing except for their storage, in situations where:
a. the data subject disputes the accuracy of the personal data
b. the data subject questions the lawfulness of the processing of personal data by the Controller
c. The controller no longer needs the data, but they are needed by the data subject to establish, exercise or defend his claims;
d. the data subject has objected to the processing and this objection has been recognized by the Controller
- Right to data portability (Article 20 GDPR), which means the right to receive personal data made available to the Controller in a structured format, common use, readable by a specific device, so that it can be transferred directly to another entity, if it is technically possible
- Right to object to the processing (Article 21 GDPR), which means the right of the data subject to object to the use of his personal data for purposes related to direct marketing of products and services, as well as other marketing activities carried out by the Controller sent via e-mail or SMS). The objection does not result in the deletion of the data, but only the cessation of their use by the Controller for marketing purposes
- Right to withdraw consent, which means that in cases where data processing is based on consent, the data subject has the right to withdraw consents granted for processing purposes at any time. Withdrawal of consent does not affect the lawfulness of processing carried out until the consent is withdrawn
- Right to lodge a complaint with the competent supervisory authority. If the data subject considers that the data are being processed illegally, he or she has the right to lodge a complaint with the competent supervisory authority
VII. Contact with us
You can contact us:
- By correspondence: Aleje Jerozolimskie 100, 05-077 Warsaw
- By e-mail: firstname.lastname@example.org
Last modified: [ 19.01.2021 ]