Privacy Policy

PRIVACY POLICY of the mProfi.io website

  1. GENERAL PROVISIONS
  2. BASIS FOR THE DATA PROCESSING
  3. PURPOSE, BASIS, DURATION, AND SCOPE OF DATA PROCESSING ON THE WEBSITE
  4. RECIPIENTS OF DATA ON THE WEBSITE
  5. PROFILING ON THE WEBSITE
  6. RIGHTS OF THE PERSON TO WHICH THE DATA PERTAINS
  7. COOKIES ON THE WEBSITE, USE DATA AND ANALYTICS
  8. FINAL PROVISIONS

§ 1 GENERAL PROVISIONS

  1. This Website’s privacy policy has a reference character, which means that it does not create any obligations for Website Users. The privacy policy includes, first of all, the rules concerning the processing of personal data by the Administrator on the Website, including the grounds, purpose and scope of processing of personal data, and the rights of people to whom the data applies, as well as information on the use of cookies and analytical tools on the Website.
  2. The Website distinguishes between Electronic Services provided directly by the Website Owner, and Services provided by Clients/Service Recipients, who, within the mProfi platform, communicate with their Recipients through the Electronic Services provided – third parties in relation to the Website Owner. Thus, agreements on the provision of Electronic Services between Clients/Service Recipients and Recipients are concluded separately. The personal data of Recipients are also processed separately; in this case, the Administrator of personal data is the Client/Service Recipient who registered the Account and uses the mProfi platform.
  3. The administrator of personal data collected via the Website within the functionalities provided by the Service Provider is MATERNA COMMUNICATIONS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, entered into the register of entrepreneurs of the National Court Register, Registry Court: DISTRICT COURT FOR THE CAPITAL CITY OF WARSAW, WARSAW, XIII COMMERCIAL DIVISION OF THE NATIONAL COURT REGISTER, with its registered office and address for service: 28A Wita Stwosza Street, Warsaw 02-661 , KRS 0000197766, NIP 5213285986, REGON 015656980, share capital: PLN 50,000.00, e-mail address: support@mprofi.io, telephone number: +48 22 852 13 80 – hereinafter referred to as” Administrator”, which is at the same time the Internet Service Provider.
  4. Personal data on the Website shall be processed by the Administrator in accordance with the applicable provisions of law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”. Official text of the GDPR Regulation »
  5. Use of the Website, including the conclusion of agreements is voluntary. Similarly, the provision of personal data by the Service Recipient using the Website is voluntary, with the reservation of two exceptions: (1) concluding agreements with the Administrator – failure to provide personal data necessary for the conclusion and performance of an agreement for the provision of Electronic Services with the Administrator in the cases, and to the extent indicated on the Website, in the Regulations of the Website, and this privacy policy shall render the conclusion of this agreement impossible. In such a case, providing personal data is a contractual requirement, and if the data subject wants to enter into an agreement with the Administrator, he or she is obliged to provide the required data. Each time the scope of data required to conclude an agreement is indicated in advance on the Website and in the Regulations of the Website; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement, resulting from the generally applicable provisions of law imposing on the Administrator the obligation to process personal data, and failure to provide such data will prevent the Administrator from performing these obligations.
  6. The Administrator shall exercise special care in order to protect the interests of persons to whom the personal data processed by the Administrator pertain, and in particular shall be responsible, and ensure that the data collected by the Administrator is: (1) processed in compliance with law; (2) collected for specified, legitimate purposes, and not further processed to ends incompatible with those purposes; (3) substantially correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that permits the identification of data subjects, for periods no longer than is necessary to achieve the purpose of the processing, and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorised or unlawful processing, and accidental loss, destruction or damage, by appropriate technical or organisational measures.
  7. Considering the nature, scope, context and purposes of the processing, and the risk of infringement of the rights or freedoms of natural persons with different degrees of probability and gravity, the Administrator shall implement appropriate technical and organisational measures to ensure that the processing is in accordance with the said Regulation, and to be able to demonstrate the above. The said measures shall be inspected and updated, as necessary. The Administrator shall apply technical measures to prevent unauthorised persons from collecting and modifying personal data sent by electronic means.
  8. All words, expressions and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Service Provider, Website, Electronic Service) shall be understood in accordance with their definition contained in the Website Regulations, available on the Website.

§ 2 BASIS FOR THE DATA PROCESSING

  1. The Administrator is entitled to process personal data in cases where – and to the extent to which – at least one of the following conditions is met: (1) the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes; (2) processing is necessary for the performance of an agreement to which the data subject is a party, or to take action at the request of the data subject prior to the conclusion of the agreement; (3) processing is necessary to fulfil a legal obligation incumbent on the Administrator; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Administrator or by a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data are paramount against the said interests, in particular if the data subject is a minor.
  2. The processing of personal data by the Administrator requires the occurrence of at least one of the bases specified in paragraph 2.1 of the privacy policy. Specific grounds for processing personal data of the Website Users by the Administrator are indicated in the next section of the Privacy Policy – with respect to a specific purpose of processing personal data by the Administrator.

§ 3 PURPOSE, BASIS, DURATION, AND SCOPE OF DATA PROCESSING ON THE WEBSITE

  1. Each time the purpose, basis, period and scope as well as the recipients of personal data processed by the Administrator results from the actions taken by a specific Service Recipient on the Website.
  2.  The Administrator may process personal data on the Website for the following purposes, on the following grounds, in the periods, and within the following scope:

Purpose of data processing

Legal basis for the processing, and data retention period

Scope of the processed data

Execution of a service agreement or an agreement for the provision of an Electronic Service, or taking action at the request of the data subject, prior to the conclusion of the aforementioned agreements.

Article 6 (1) (b) of the GDPR Regulation (performance of the agreement)

The data shall be kept for the period necessary for the performance, until termination or another expiration of the agreement.

Maximum scope: name and surname; e-mail address; street, house number, apartment number, postal code, town, country, residential address.

Direct marketing

Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator)

The data shall be stored for the period of existence of a legitimate interest pursued by the Administrator, but not longer than for the period of limitation of claims against the data subject, with respect to the Administrator’s business activities. The statute of limitations is determined by the provisions of law, in particular by the Civil Code (the basic statute of limitations for claims related to a business activity is three years, and for a sales contract two years).

The Administrator may not process the data for direct marketing purposes, if the data subject expresses an effective objection in this respect.

E-mail address

Marketing

Article 6 (1) (a) of the GDPR Regulation (consent)

The data shall be stored until the data subject withdraws his or her consent to further processing of his or her data for this purpose.

Name, email address

Bookkeeping

Article 6 (1) (c) of the GDPR Regulation in conjunction with Article 74 (2) of the Accounting Act of 30 January 2018 (Journal of Laws of 2018, item 395)

The data shall be stored for the period required by the provisions of law requiring the Administrator to keep the books of accounts (5 years, counting from the beginning of the year following the financial year to which the data relate).

First and last name; address of residence/business/office (if different from the address for service), company name and tax identification number (NIP) of the Service Recipient or Client.

Determination, investigation or defence of any claims that may be raised by the Administrator, or which may be raised against the Administrator

Article 6 (1) (f) of the GDPR Regulation

The data shall be stored for the period of existence of a legitimate interest pursued by the Administrator, but not longer than for the period of limitation of claims against the data subject, with respect to the Administrator’s business activities. The statute of limitations is determined by the provisions of law, in particular by the Civil Code (the basic statute of limitations for claims related to a business activity is three years, and for a sales contract two years).

Maximum scope: name and surname; e-mail address; street, house number, apartment number, postal code, town, country, residential address.

§ 4 RECIPIENTS OF DATA ON THE WEBSITE

  1. In order to ensure proper functioning of the Website, including the performance of concluded agreements for the provision of electronic services, it is necessary for the Administrator to use the services of external entities (such as software providers). The Administrator uses only the services of such processing entities that provide sufficient guarantees of implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation, and protects the rights of data subjects.
  2. Personal data may be transferred by the Administrator to a third country, but the Administrator ensures that in such a case it will be done in relation to the country guaranteeing an adequate level of protection – in accordance with the GDPR Regulation, and data subjects will be able to obtain a copy of his or her data. The Administrator transfers the collected personal data only if, and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.
  3. Transfer of data by the Administrator does not take place in every case, and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers the data only if it is necessary for the purpose of personal data processing, and only to the extent necessary for its implementation.
  4. Personal data of the Website Service Recipients may be transferred to the following recipients or categories of recipients:
  • a.        entities accepting electronic payments or payment cards – with respect to Clients who use the electronic payment method or payment card on the Website, the Administrator shall make the collected personal data of the Client available to a selected entity handling the above payments on the Website, at the request of the Administrator to the extent necessary to handle payments made by the Client.
  • b.       accounting, legal and advisory services providers providing the Administrator with accounting, legal or advisory support (in particular accounting offices, law firms or debt collection companies) – the Administrator makes the collected personal data available to a selected provider acting on his/her behalf only in the case and to the extent necessary to achieve the purpose of data processing consistent with this privacy policy.
  • c.        service providers providing the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct business activity, including the Website and Electronic Services provided through it (in particular, the provider of computer software for running the Website, the e-mail and hosting provider, of software enabling company management, and providing technical assistance to the Administrator) – the Administrator makes available the collected personal data to a selected provider acting on his/her behalf only if and to the extent necessary to achieve the purpose of data processing in accordance with this privacy policy.

§ 5 PROFILING ON THE WEBSITE

  1. The GDPR Regulation imposes an obligation on the Administrator to inform about automated decision-making process, including profiling referred to in Article 22 (1) and (4) of the GDPR Regulation, and – at least in these cases – relevant information about the principles of the said process, as well as about the significance, and anticipated consequences of such processing for the data subject. Considering the above, the Administrator provides information about possible profiling in this privacy policy.
  2. The Administrator may use profiling on the Website for the purposes of direct marketing, but the decisions made by the Administrator on this basis do not concern the conclusion, or refusal to conclude an agreement for the provision of electronic services, or the possibility of using Electronic Services on the Website. The result of using profiling On the website can be, for example, a message, an offer that can meet the interests or preferences of a person, or offering better conditions in comparison with the standard offer of the Service. In spite of being profiled, it is that specific that decides freely whether they want to take advantage of a discount or better terms, and make a purchase on the Website.
  3. Profiling in the Internet Service consists in automatic analysis or forecast of a specific person’s behaviour on the Website, or by analysing the current history of actions taken in the Service. The condition of such profiling is that the Administrator has personal data of a specific person in order to be able to send him/her e.g. a discount code.
  4. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and which produces legal effects on the data subject, or significantly affects him/her in a similar manner.

§6 RIGHTS OF THE PERSON TO WHICH THE DATA PERTAINS

  1.  Right of access, rectification, limitation, removal or transfer – the data subject has the right to request from the Administrator access to his/her personal data, its rectification, removal (“the right to be forgotten”), or limitation of the processing, and has the right to object to the processing, as well as the right to transfer their data. Detailed conditions for exercising the aforementioned rights are indicated in Articles 15-21 of the GDPR Regulation.
  2. Right to withdraw consent at any time – a person whose data is processed by the Administrator on the basis of the consent granted (pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the lawfulness of the processing, which was carried out upon the interested party’s consent before its withdrawal.
  3. The right to lodge a complaint to the supervisory authority – a person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory authority in the manner, and according to the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Office for the Protection of Personal Data.
  4. Right to object – the data subject has the right to object at any time – on grounds related to his/her particular situation – to the processing of personal data concerning him/her, pursuant to  Article 6 (1) (e) (public interest or tasks) or (f) (legitimate interest of the administrator), including profiling on the basis of these provisions. In such a case, the administrator must no longer process those personal data unless he/she demonstrates the existence of valid legitimate grounds for the processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims.
  5. Right to object to direct marketing – if personal data is processed for the purposes of direct marketing, the data subject has the right at any time to object to the processing of personal data relating to him/her for the purposes of such marketing, including profiling, in so far as the processing is related to such direct marketing.
  6. In order to exercise the rights referred to in this Privacy Policy clause, the Administrator may be contacted by sending an appropriate message in writing or by e-mail to the Administrator’s address indicated at the beginning of the Privacy Policy, or by using the contact form available from the Website.

§7 COOKIES ON THE WEBSITE, USE DATA AND ANALYTICS

  1. Cookies are small pieces of information in the form of text files, sent by a server and saved on the visitor’s side (e.g. on a hard disk of a computer, laptop, or on a smartphone memory card – depending on the device used by the visitor to our Website). Detailed information about cookies, as well as their history can be found e.g. here: https://en.wikipedia.org/wiki/HTTP_cookie
  2. The Administrator may process data contained in cookies when visitors use the Website for the following purposes:
    a.        to identify Service Recipients as logged in on the Website, and show that they are logged in;
    b.       to remember data from completed Forms or logging data onto the Website;
    c.        to adjust the Website content to individual preferences of the Service Recipient (e.g. concerning colours, font size, page layout), and to optimise the use of the Website’s pages;
    d.       to maintain anonymous statistics demonstrating the manner of the Website use;
  3. By default, most web browsers available on the market accept the storage of cookies. Everyone has the ability to determine the terms of use of cookies, using the settings of their own web browser. This means that one can, for example, partially (e.g. temporarily) limit, or completely disable the storage of cookies – as regards the latter, however, it may affect some of the Website functionalities.
  4. The settings of your browser regarding cookies are important for your consent with respect to the use of cookies by our Website – this consent can also be expressed by your browser settings, as required by law. If you do not agree to the above, you must change your browser settings regarding cookies accordingly.
  5.  Detailed information on how to change the settings for cookies, and how to delete them by yourself in the most popular browsers can be found in the help section of your browser, and on the following pages (simply click on a link):
    in Chrome
    in Firefox
    in Internet Explorer
    in Opera
    in Safari
    in Microsoft Edge
  6. The Administrator may use the services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These services help the Administrator analyse the traffic on the Website. The collected data is processed in an anonymous way within the framework of the above services (so called use data, which makes it impossible to identify a person), to generate statistics helpful in the administration of the Website. These data are aggregated and anonymous, i.e. they do not contain identification features (personal data) of persons visiting the Website. By using the above services on the Website, the Administrator collects data such as the sources and media helping acquire visitors to the Website, and the manner in which they are stored on the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographic and demographic data (age, gender), as well as interests. You may refuse the provision of information about your activity on the Website by Google Analytics in an easy manner, by installing a browser plug-in provided by Google Inc., which is available here: https://tools.google.com/dlpage/gaoptout?hl=en.
  7. The Administrator may use the services of Matomo Analytics (formerly: Piwik), provided by InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand). These services help the Administrator analyse the traffic in the Online Store. The collected data is processed in an anonymous way within the framework of the above services (so called use data, which makes it impossible to identify a person), to generate statistics helpful in the administration of the Online Store. These data are aggregated and anonymous, i.e. they do not contain identification features (personal data) of persons visiting the Online Store. By using the above services on the Website, the Administrator collects data such as the sources and media helping acquire visitors to the Online Store, and the manner in which they are stored at the Store, information on the devices and browsers from which they visit the Store, IP and domain, geographic and demographic data (age, gender), as well as interests.

§8 FINAL PROVISIONS

  1. The Website service may contain links to other sites. The Administrator recommends that when visiting other sites, one should become familiar with their privacy policies. This privacy policy applies only to the Internet Service Administrator.