fbpx

Privacy and cookie policy

Privacy and cookie policy of Linker.shop website  

I. General provisions  

This Privacy and Cookie Policy sets out the rules for the processing of personal data obtained via contact forms on the website Linker.shop (“Website“) and in the course of providing services related to the Website by the Controller.

The Controller of your personal data within the meaning of personal data protection regulations is Linker Cloud spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Warsaw, ul. Tadeusza Borowskiego 2, 03-475 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under No. 0000662133, NIP (Tax Identification Number): 5223082902, REGON (National Business Registry Number): 366498427, with a share capital of PLN 186,000.00 (“Controller”).

The Controller, when processing personal data, shall ensure compliance with applicable regulations, in particular:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “Regulation”. Official text of the Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679;
  2. Act of 10 May 2018 on Personal Data Protection (consolidated text, Dziennik Ustaw 2019, item 1781), hereinafter referred to as the “Act”.

The Controller has appointed the Data Protection Officer, who can be contacted via e-mail: info@linker.shop.

The Controller shall exercise due diligence to respect the privacy of Users visiting the Website and using the Controller’s services. The Controller shall guarantee the confidentiality of all personal data and that all security and personal data protection measures required by personal data protection regulations, including provisions laid down in the Regulation and the Act, shall be taken. Personal data is collected with due diligence and adequately protected against access by unauthorised persons.

The Controller shall not make automated decisions in individual cases and shall not apply User profiling.

The Controller does not collect nor process sensitive data, referred to in the Regulation as “special categories of personal data”. The Controller also does not want to collect and process the data of minors under the age of 16.

II. Rights of the User  

The User of the Website has the following rights arising from the processing of their personal data:

  1. right to request access to own personal data – the User has the right to obtain a confirmation whether the Controller processes his/her personal data and, if applicable, the right to access that data and receive information concerning such data as: purpose of processing, categories of data, information about recipients or categories of recipients to whom the data has been disclosed, planned period of storage of personal data or criteria for determining that period; the above right also includes the right to receive free copies of data (for all subsequent copies requested by the User, the Controller may charge a reasonable fee resulting from administrative costs),
  2. right to rectify personal data (if it is incorrect), which also includes the submission of a request to supplement incomplete personal data,
  3. right to delete personal data (the so-called “right to be forgotten”) in the following circumstances: if the User’s personal data is no longer necessary for the purposes for which they were collected, the User withdrew their consent to its processing and there is no other basis for data processing, the User filed an objection to the processing, the personal data was processed contrary to the law, the personal data must be deleted in order to fulfill the legal obligation provided for in the EU Law or the law of the Member State to which the Controller is subject, the personal data was collected in connection with offering information society services,
  4. right to restrict the processing of data, if: the User questions the accuracy of personal data (for a period allowing the Controller to verify the accuracy of such data), the processing is illegal and the User opposes the deletion of data, the Controller no longer needs personal data for processing purposes, but needs it to establish, assert or defend claims, the User has raised an objection to the processing until it is determined whether the legitimate grounds on the part of the Controller prevail over the grounds for the User’s objection,
  5. right to object to the processing, if: the User does not want the Controller to process data,
  6. right to data portability, including the right to receive to receive personal data provided by the User from the Controller in a structured, commonly used, machine-readable format, including the right to request for the personal data to be sent by the Controller directly to another Controller (where technically possible),
  7. right to withdraw your consent to data processing at any time (this will not affect the lawfulness of processing based on consent before its withdrawal),
  8. right to file a complaint with the President of the Personal Data Protection Office, if the User deems that the processing of personal data is in breach of provisions laid down in the Regulation.

Should you have any questions related to the processing of personal data or should you wish to exercise any of the aforementioned rights, please contact the Data Protection Officer by sending an e-mail to the following address: info@linker.shop.

III. Data transfer

In order to ensure the proper functioning of the Website and the professional provision of its services, the Controller must use third party services. The Controller engages the services of only those processing entities who provide sufficient guarantees regarding the implementation of adequate technical and organisational measures, so as to ensure that processing is conducted in accordance with the requirements laid down in the Regulation and in a way that protects the rights of data subjects pursuant to Article 28 of the Regulation.

The Controller shall entrust the processing of personal data to the following categories of entities:

  1. accounting, legal and advisory service provider (in particular an accounting firm, law firm, enforcement company),
  2. hosting services provider,
  3. cloud service provider,
  4. newsletter mailing system provider,
  5. CRM system provider,
  6. invoicing system provider,
  7. service providers supplying the Controller with technical, IT and organisational solutions (in particular the provider of computer software for running the Website and providing services, electronic mail service provider and the provider of software used for managing the company and providing technical assistance to the Controller),
  8. other entities, if the use of their services is necessary for the proper operation of the Website and for the provision of services by the Controller.

All entities entrusted by the Controller with the processing of personal data guarantee the application of adequate measures personal data security and protection measures required by law.

As part of the Controller’s use of tools aimed at supporting their day-to-day operations made available e.g., by Google, User’s personal data may be transferred to a country outside the European Economic Area, in particular, to the United States of America (USA) or another country wherein the entity cooperating with it maintains tools serving the purpose of processing personal data in cooperation with the Controller.

Adequate measures to safeguard personal data transferred has been provided by the Controller through the use of standard data protection clauses adopted in adherence to European Commission decisions and personal data processing agreements that meet the requirements of the GDPR. Should the data be transferred from Europe to the USA, some entities located there may additionally provide an adequate level of data protection under the so-called Privacy Shield programme (more information on this subject is available at: https://www.privacyshield.gov/).

In relation to each and every processing entities, pursuant to Art. 28(3) of the Regulation, a personal data processing agreement shall apply.

The Controller may be obliged to provide information collected by the Website to authorised bodies on the basis of legal demands, to the extent arising from those demands.

IV. Purposes of processing, retention period and scope of data  

The purpose of processing the User’s personal data, as well as the scope of processed data and the period of retention thereof, shall depend on the relationship between the Controller and the User, in particular, the scope of activities that the Controller either performs or may perform for the User.

  1. Purpose of processing: creating a User account on the Software as a Service Linker – Cloud Fulfillment Platform platform in relation to the service provision agreement concluded.

Legal basis:

  • Legal basis: Art. 6(1)(b) of the Regulation – conclusion, performance, and termination of a civil law agreement,
  • Art.6(1)(c) of the Regulation – satisfaction of obligations arising from legal provisions, including financial and tax obligations, by the Controller, arising from a conjunction with Art. 86 § 1 of the Act of January 29, 1997 – Tax Ordinance (consolidated text, Journal of Laws of 2019, item 900) or Art. 74(2) of the Accounting Act of September 29, 1994 (consolidated text, Journal of Laws of 2019, item 351).

Retention period: period of the civil law agreement, and after expiry thereof, for the limitation period of civil law claims arising from the agreement concluded, and for the period required by law, in particular, by tax regulations – for the limitation period of tax liabilities.

Scope of data: e-mail address, first name, last name, business name, phone number, and other data voluntarily provided by the User.

Failure to provide the above data will result in the inability to open a User Account.

  1. Purpose of processing: establishing contact with the Controller and corresponding via e-mail.

Legal basis:

  • Legal basis: Art. 6(1)(a) of the Regulation – consent of persons who the data concerns,
  • Art. 6(1)(f) of the Regulation – legitimate interest of the Controller.

Retention period: until the User withdraws consent, provided that this data is processed based thereon, but no longer than 1 year from the date of completion of correspondence, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller. Should the data be processed on the basis of the Controller’s legitimate interest – personal data will be stored for the duration of the services rendered by the Controller, and after the service has been completed for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, e-mail address, and any data voluntarily provided by the User in the e-mail message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller via e-mail.

  1. Purpose of processing: establishing contact with the Controller via a contact form – newsletter subscription.

Legal basis: Art. 6(1)(a) of the Regulation – consent of persons who the data concerns.

Retention period: until the User withdraws consent, provided that this data is processed based thereon, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, e-mail address, and any data voluntarily provided by the User in the e-mail message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller via a contact form.

4. Purpose of processing: establishing contact with the Controller via a contact form – contact for the purpose serving to gain access to the demo version on the Software as a Service Linker – Cloud Fulfillment Platform.

Legal basis: Art. 6(1)(a) of the Regulation – consent of persons who the data concerns.

Retention period: until the User withdraws consent, provided that this data is processed based thereon, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, e-mail address, and any data voluntarily provided by the User in the e-mail message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller via a contact form.

5. Purpose of processing: mailing of marketing and commercial information in electronic form.

Legal basis:

  • Art. 6(1)(a) of the Regulation – consent of persons who the data concerns or,
  • Art. 6(1)(f) of the Regulation – implementation of the Controller ‘s legitimate interests.

Retention period: until the User withdraws consent, provided that this data is processed based thereon, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller. Should the data be processed on the basis of the Controller’s legitimate interest – personal data will be stored for the duration of the services rendered by the Controller, and after the service has been completed for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, e-mail address, and any data voluntarily provided by the User in the e-mail message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller via e-mail.

V. Cookies

The Website uses cookies, i.e. small text filed stored on the User’s end device (e.g. computer, tablet, smartphone), which may read by the Controller’s ICT system.

The website uses two types of cookies: session cookies which are deleted permanently upon the User ends browser session, as well as and persistent cookies that remain after the end of the browser session on the User’s device until they are deleted.

When visiting the website, the information on the use of cookies is displayed. By using the website you shall consent to the use of cookies to the extent indicated herein. The User has the ability to manage cookies from the website level. The User may change cookie settings from their web browser or delete cookies. It should be remembered that disabling cookies may cause difficulties in using the website.

The Controller uses its own cookies in order to ensure the proper operation of the website.

The Website uses functions provided by third parties, which involves the use of cookies originating from third parties.

Cookies are used to ensure Website’s functionality: identify the Users; remember the User’s activity on the Website; save data from completed forms or login data, keep statistics.

Web browser settings regarding cookies are important from the perspective of consent to the use of cookies by the Website – in accordance with the law, such consent may also be expressed through web browser settings. In the absence of such consent, it is necessary to change web browser setting regarding Cookies.

We also use other technologies of a similar nature to cookies, such as local storage, which is used to retain data saved when using websites in a separated out part of the browser’s memory. Access to data in local storage may only be obtained by the website therefrom the data has been saved in the browser. Data in local storage is stored by the browser after it is closed and, unlike cookies, they have no time limit, i.e., it is in operation until it is deleted by the user.

The Controller uses the Google Analytics tool to create statistics, analyse them and optimise the operation of the Website. Google Analytics automatically collects information about the use of the Website. The information collected in this way is usually transmitted to Google servers. As part of Google Analytics use, the Controller does not collect any personal data.

VI. Server logs  

The use of the website involves sending queries to the server on which the website is stored. Each query sent to the server is saved in server logs.

The logs include, among other things, the User’s IP address, server date and time, information about the User’s web browser and operating system. Logs are saved and stored on the server.

Data recorded in server logs is not associated with specific persons using the Website and are not used by the Controller to identify the User.

The above data is used only for server administration purposes. Server logs are only an auxiliary material used to administer the website, and their content is not disclosed to anyone outside persons authorised to administer the server.

Pin It on Pinterest