Privacy Policy
I. Definitions
Controller, we, us – Devapo sp. z o. o. with its registered office in Warsaw, Aleje Jerozolimskie 100, 00-807 Warsaw, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw XIII Commercial Division of the National Court Register under no. 0000762836, NIP: 5213850305, REGON: 382047422
Privacy Policy – this policy
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
Website – a website maintained at the adress https://devapo.io/
User, you – any natural person visiting the Website or using one or more services or functionalities described in the Privacy Policy
II. What do we use personal data for? – purposes and legal bases of data processing
1. Use of the Website
Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
- to provide electronic services in the scope of providing Users with content collected on the Website, including on the blog – then the legal basis for processing is the necessity of processing for the performance of the agreement (Article 6.1. b GDPR)
- for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in conducting analyses of Users’ activity as well as their preferences to improve the functionalities used and services provided
- to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in the protection of his rights
- for marketing purposes of the Controller and other entities – more information can be found below in the further part of the Privacy Policy
The User’s activity on the Website, including his personal data, is recorded in system logs (i.e., in a special computer program used to store a chronological record containing information about events and activities that relate to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR).
2. Marketing
The Controller processes Users’ personal data to carry out marketing activities, which may consist in:
- displaying marketing content to the User corresponding to his interests
- sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service)
- conducting other types of analytical and statistical activities, as well as related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities)
To carry out marketing activities, the Controller in some cases uses profiling. Profiling allows for a better matching of the displayed content to the individual preferences and interests of the User.
Newsletter
Subscribing to the newsletter involves the processing of the User’s personal data. Providing data marked as mandatory is required in order to accept and handle the order for the newsletter service. Personal data is processed in order to:
- implementation of the newsletter sending service – the legal basis for processing is the necessity of processing for the performance of the contract (Article 6.1. b GDPR)
- in the case of sending marketing content to the User as part of the newsletter – the legal basis for processing, including the use of profiling, is the legitimate interest of the Controller (Article 6.1. f GDPR) in connection with the consent to receive the newsletter
- analytical and statistical – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in conducting analyses of Users’ activity on the Website to improve the functionalities used
- possible determination and pursuit of claims or defense against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in the protection of his rights
3. Contact form
To contact the Controller via the form available on the Website, please provide the data indicated therein. Providing data is voluntary, but if you do not do it, it will not be possible to send a message using the form (you do not have to provide a phone number, but it may improve our communication). Personal data is processed in order to:
- communication with the User, handling his inquiry, including responding to the message – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR); in the scope of data provided optionally, the legal basis for processing is consent (Article 6.1. a GDPR)
- possible determination and pursuit of claims or defense against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6.1. f GDPR), consisting in the protection of his rights.
As a rule, we will process your data until the end of communication with you, unless the law obliges us to process this data longer or we will keep it longer in the event of potential claims, for the period of limitation specified by law, in particular the Civil Code.
4. Contact by phone and e-mail
You can contact the Controller by phone or e-mail. The Controller uses personal data only to answer the User’s questions provided in an e-mail or during a telephone conversation.
The legal basis for data processing is Art. 6.1. f GDPR. The legitimate interest pursued by the Controller results from the willingness to answer your questions.
The Controller will process the data until the end of the case, which is the subject of an inquiry or objection to the processing of personal data. After the expiry of the indicated periods, we will store personal data if the Controller is obliged to do so under the law for the period provided for in these provisions or to pursue legitimate interests for the period of limitation of claims. Providing personal data is voluntary, but necessary to answer the question.
5. Profiles on social networks Facebook and LinkedIn
The Controller has public profiles on social networks Facebook and LinkedIn. Therefore, it processes the data left by visitors to these profiles (m.in comments, likes, online IDs). Personal data of such persons are processed:
- to enable them to be active on their profiles
- to effectively run profiles, by providing portal users with information about the Controller’s initiatives and other activities and in connection with the promotion of various types of events, services and products
- for statistical and analytical purposes
- alternatively, they may be processed for the purpose of pursuing claims and defending against claims
The legal basis for personal processings the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in promoting the Controller brand and improving the quality of services provided, as well as possible pursuit of claims and defense against claims.
6. Recruitment
Personal data is processed:
- if the preferred form of employment is an employment contract – to perform obligations arising from the law related to the employment process, including primarily the Labor Code – the legal basis for processing is the legal obligation incumbent on the Controller (Article 6.1. c GDPR in connection with the provisions of labor law)
- if the preferred form of employment is a civil law contract – to conduct the recruitment process – the legal basis for the processing of data contained in the application documents is to act before concluding the contract at the request of the data subject (Article 6.1. b GDPR)
- to carry out the recruitment process in the scope of data not required by law or by the Controller, as well as for the purposes of future recruitment processes – the legal basis for processing is consent (Article 6.1. a GDPR)
- to verify the qualifications and skills of the candidate and to determine the terms of cooperation – the legal basis for data processing is the legitimate interest of the Controller (Article 6.1. f GDPR). The legitimate interest of the Controller is to verify candidates for work and determine the terms of possible cooperation
- to establish or pursue by the Controller any claims or defend against claims directed against the Controller – the legal basis for data processing is the legitimate interest of the Controller (Article 6.1. f GDPR)
As part of recruitment processes, personal data should be transferred (e.g., in a CV) only to the extent specified in the provisions of labor law. If the submitted applications contain additional data beyond the scope indicated by the provisions of labor law, their processing will be based on the candidate’s consent (Article 6.1. a GDPR).
We process your personal data:
- in order to conduct recruitment for the position to which your recruitment application
relates: for the period necessary to conduct the recruitment process and select a candidate, and then for a period of 4 months in case the Controller has to repeat the recruitment process for any reasons, but not longer than for a period of 1 year from the submission of the recruitment application; - for other, similar positions: for a period of 2 years from the submission of the recruitment
application, if you agree to the processing of your personal data for the purposes of future recruitments.
In the event of a positive recruitment result, we further process your personal data based on the rules and periods of data processing provided for employees, which will be provided to you after starting work.
III. Use of cookies and other technologies
Cookies Policy
Cookies and web storage technologies allowing local and session storage (“cookies”) make it easier for you to interact with our website. They are typically small text files downloaded by your internet browser to your device when you visit our website. We also place cookies on your device when you interact with website technologies from third- party providers, such as pixels, which we integrate on our website for advertising purposes.
We provide information below on the use of these technologies as well as how you can change cookie settings depending on your preferences.
All cookies are divided according to the time for which they are installed in the user’s browser into:
- Session – this is temporary information stored in the browser’s memory until the end of the browser session, i.e., until it is closed. They are necessary for the proper operation of some functionalities.
- Persistent – Persistent files are deleted automatically after a certain period, which may vary depending on the type of file. You can delete these cookies at any time using the security settings of your browser.
Types of cookies
Devapo and its partners use different types of cookies depending on their function and purpose. These cookies are further described in this cookie policy and can be managed here:
Cookie Settings
Necessary cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. Your consent is not required for the use of essential cookies.
These cookies cannot be deactivated/disabled by using any of the functions on this website. Our legal basis for the usage of these cookies is Art. 6.1(f) of the GDPR, our legitimate interest to deliver the Website to you.
Preferences
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Our legal basis when we use these Cookies is that you have given your consent, (Art. 6.1(a) GDPR). You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Statistics
Statistic cookies help Us to understand how visitors interact with websites by collecting and reporting information anonymously.
Our legal basis when we use these Cookies is that you have given your consent, (Art. 6.1(a) GDPR). You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Marketing
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Our legal basis when we use these Cookies is that you have given your consent, (Art. 6.1(a) GDPR). You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Cookies used
Detailed information about the cookies used by the Controller can be found here.
Necessary (7)
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Name | Provider | Purpose | Expiry | Type |
_grecaptcha | devapo.io | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | Persistent | HTML |
_GRECAPTCHA | google.com | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | 179 days | HTTP |
rc::a | google.com | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | Persistent | HTML |
rc::b | google.com | This cookie is used to distinguish between humans and bots. | Session | HTML |
rc::c | google.com | This cookie is used to distinguish between humans and bots. | Session | HTML |
rc::d-15# | google.com | This cookie is used to distinguish between humans and bots. | Persistent | HTML |
test_cookie | doubleclick.net | Used to check if the user’s browser supports cookies. | 1 day | HTTP |
Preferences (1)
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Name | Provider | Purpose | Expiry | Type |
wp-wpml_current_language | devapo.io | Designates the country code that is calculated based on the user’s IP address. Used to determine what language should be used for the visitor. | Session | HTTP |
Statistics (11)
Statistic cookies help Us to understand how visitors interact with websites by collecting and reporting information anonymously.
Name | Provider | Purpose | Expiry | Type |
_ga | devapo.io | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 years | HTTP |
_gat | devapo.io | Used by Google Analytics to throttle request rate. | 1 day | HTTP |
_gid | devapo.io | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 1 day | HTTP |
_hjAbsoluteSessionInProgress | devapo.io | This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice. | 1 day | HTTP |
_hjFirstSeen | devapo.io | This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website. | 1 day | HTTP |
_hjIncludedInPageviewSample | devapo.io | Used to detect whether the user navigation and interactions are included in the website’s data analytics. | 1 day | HTTP |
_hjIncludedInSessionSample | devapo.io | Registers data on visitors’ website-behavior. This is used for internal analysis and website optimization. | 1 day | HTTP |
_hjRecordingLastActivity | devapo.io | Sets a unique ID for the session. This allows the website to obtain data on visitor behavior for statistical purposes. | Session | HTML |
_hjSession_# | devapo.io | Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | 1 day | HTTP |
_hjSessionUser_# | devapo.io | Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | 1 year | HTTP |
hjViewportId | devapo.io | Sets a unique ID for the session. This allows the website to obtain data on visitor behavior for statistical purposes. | Session | HTML |
Marketing (8)
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Name | Provider | Purpose | Expiry | Type |
_fbp | devapo.io | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | 3 months | HTTP |
_gcl_au | devapo.io | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. | 3 months | HTTP |
_hjRecordingEnabled | devapo.io | This cookie is used to identify the visitor and optimize ad-relevance by collecting visitor data from multiple websites – this exchange of visitor data is normally provided by a third-party data-center or ad-exchange. | Session | HTML |
ads/ga-audiences | google.com | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behavior across websites. | Session | Pixel |
fr | facebook.com | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | 3 months | HTTP |
IDE | doubleclick.net | Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. | 1 year | HTTP |
pagead/1p-user-list/# | google.com | Tracks if the user has shown interest in specific products or events across multiple websites and detects h ow the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees bet ween websites. | Session | Pixel |
Tr | facebook.com | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | Session | Pixel |
First-party cookies and third-party cookies
First-party cookies are cookies that Devapo deploys on the website that you are currently visiting and with which you interact when you use our Websites.
Our Website may also contain content from other websites which may deploy their own cookies. These cookies are set by someone other than Devapo. These third-party providers can set cookies while you are visiting our Website and receive information such as the fact that you have loaded the our Website. You will need to visit the websites of those third parties to find out more on how they use these cookies.
Managing cookies settings
You can manage – enable/disable and delete – the cookie settings on our website via the functionalities above, but also by altering your browser settings. Most browsers allow you to manage your cookies by either accepting or rejecting all cookies or accepting only certain types of cookies. The procedure for managing and deleting cookies usually can be found in your browser’s integrated help function.
If you decide to reject cookies that require your prior consent, we will not use such cookies. If you decide to withdraw consent that was given to us previously, we will no longer use the relevant cookies and will delete them (if they are first-party cookies). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We cannot delete third-party cookies. If you wish to delete all third-party cookies, you need do this in your own browser settings.
IV. Period of personal data processing
The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the provision of the service or the execution of the order, until the consent is withdrawn or an effective objection to the processing of data is submitted in cases where the legal basis for data processing is the legitimate interest of the Controller. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after this time only in the case and to the extent required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
V. Transfer of personal data
Your personal data may be transferred to third parties who support us in providing the services offered, m.in suppliers and partners:
- technology-related services (for example, support for our Website)
- providing marketing and advertising services
- providing logistics, transport and delivery services
- providing legal services
- other services related to the handling of the User, the customer.
We only share personal data with our suppliers and partners that enable them to provide services to us and require them to maintain the confidentiality and security of information. We also verify that they provide adequate measures to protect personal data.
In addition, the User’s personal data may be disclosed to entities authorized to obtain them based on applicable law, e.g., supervisory authorities, law enforcement authorities or courts.
Personal data may be transferred to a third country, i.e., a country outside the European Economic Area (EEA) based on:
- standard contractual clauses approved by the European Commission – Article 46.2. c GDPR
- a decision of the European Commission stating an adequate level of protection – Article 45.1. GDPR
VI. Rights of data subjects
The data subject has:
- Right to access (Article 15 GDPR), i.e., requesting information from the Controller about the processing of their personal data, i.e., confirming whether the personal data of the person to whom they relate are being processed. If data about a person are processed, he or she is entitled to access them, obtain a copy thereof and to obtain the following information: about the purposes of processing, categories of personal data, information about recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or criteria for determining them, about the rights of the person related to the processing of his personal data, about the possibility of submitting a complaint to the supervisory authority, about the source of obtaining personal data if they have not been obtained directly from the data subject and about profiling and automated processing of decisions
- Right to rectification (Article 16 GDPR), i.e., if a person becomes aware that his personal data processed by the Controller are incorrect, outdated or incomplete, he has the right to request their immediate rectification or supplementation
- Right to be forgotten / Right to erasure (Article 17 GDPR), i.e., may request the deletion of their personal data, whereby, if the person has consented to the processing of personal data, the request for deletion will have the same effect as the withdrawal of consent
- Right to restrict Processing (Article 18 GDPR), i.e., to request the cessation of their processing except for their storage, in situations where:
a. the data subject disputes the accuracy of the personal data
b. the data subject questions the lawfulness of the processing of personal data by the Controller
c. The controller no longer needs the data, but they are needed by the data subject to establish, exercise or defend his claims;
d. the data subject has objected to the processing and this objection has been recognized by the Controller
- Right to data portability (Article 20 GDPR), which means the right to receive personal data made available to the Controller in a structured format, common use, readable by a specific device, so that it can be transferred directly to another entity, if it is technically possible
- Right to object to the processing (Article 21 GDPR), which means the right of the data subject to object to the use of his personal data for purposes related to direct marketing of products and services, as well as other marketing activities carried out by the Controller sent via e-mail or SMS). The objection does not result in the deletion of the data, but only the cessation of their use by the Controller for marketing purposes
- Right to withdraw consent, which means that in cases where data processing is based on consent, the data subject has the right to withdraw consents granted for processing purposes at any time. Withdrawal of consent does not affect the lawfulness of processing carried out until the consent is withdrawn
- Right to lodge a complaint with the competent supervisory authority. If the data subject considers that the data are being processed illegally, he or she has the right to lodge a complaint with the competent supervisory authority
VII. Contact with us
You can contact us:
- By correspondence: Aleje Jerozolimskie 100, 05-077 Warsaw
- By e-mail: contact@devapo.io
VIII. Changes to the Privacy Policy
The provisions of the Privacy Policy may be changed or updated, so we recommend that you regularly follow the changes. We will inform you of any changes or additions by posting relevant information on the Website.
Last modified: 14.10.2022