§1 Who is the Administrator of Your Personal Data?
The data administrator is FINEST SCALEUP. You can contact the Administrator by writing to the email address: rodo@digitalknowledge.pl.
The Administrator ensures the security of personal data: confidentiality, availability, integrity, and accountability of the actions taken. To keep our data processing transparent, this privacy policy outlines the key information regarding the processing of personal data by the Administrator based on the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”). If you do not agree with the Privacy Policy, please stop using the Service and the products we offer. Providing any personal data is voluntary, but necessary for the proper provision of services by the Administrator. Clients have the right to access their data at any time and to correct them.
§2 For What Purpose Do We Collect Your Data and How Long Do We Store It?
We may process your data for the following purposes:
- Communication with You, including responding to questions submitted through the contact form, email, etc. Data will be processed based on the Administrator’s legitimate interest in communicating with the Users of the Site (Article 6(1)(f) GDPR). Your data will be processed until you object or the business purpose ceases. Providing this data is voluntary but necessary to communicate with you. Data may also be processed during the archiving process for internal purposes, based on the Administrator’s legitimate interest (Article 6(1)(f) GDPR), until you object or the business purpose ceases.
- Contract conclusion and its execution (placing an order).
- Establishing, defending, and pursuing claims.
- Fulfillment of legal obligations imposed on the Administrator (e.g., tax and archival obligations). Data necessary for concluding and performing the contract will be processed for the duration of the contract, including the period for exercising rights arising from the contract, such as warranty claims (Article 6(1)(b) and (f) GDPR). Providing this data is voluntary but necessary to conclude and execute the contract. Additional data provided to improve contract execution will be processed until you object or the business purpose ceases, based on a legitimate interest in customer service (Article 6(1)(f) GDPR). After this period, the data will be processed for the limitation period of claims, based on the Administrator’s legitimate interest in defending against claims and establishing and pursuing claims (Article 6(1)(f) GDPR). Where the data is necessary to fulfill legal obligations imposed on the Administrator (such as issuing and storing invoices), the data will be processed for this purpose no longer than 6 years (archival obligations related to accounting documents), unless the law requires a longer period (Article 6(1)(c) GDPR). Data may also be archived for internal and statistical purposes until you object or the business purpose ceases, based on the Administrator’s legitimate interest (Article 6(1)(f) GDPR).
- Providing marketing information (including sending newsletters and information about services, products, promotions, and free content via other tools such as chatbots, phone calls). Data will be processed based on the Administrator’s legitimate interest in marketing the Administrator’s products and services (Article 6(1)(f) GDPR). Data will be processed until you object or the business purpose ceases—whichever occurs first. Providing data is voluntary but necessary to receive marketing/commercial information. According to Article 10 of the Act on the Provision of Electronic Services, we need your consent for maintaining commercial communication and phone communication. You can withdraw it at any time by clicking the link in the email footer or writing to us at the above-mentioned address.
- Administering and managing the website and groups on social platforms (e.g., Facebook (Meta), Instagram, LinkedIn, YouTube). When processing data on social platforms, including communication and directing marketing content, data will be processed only if you choose to like the page, join the group, select the „Follow” option, or leave your data in some other way on the platform we manage (e.g., by posting or commenting). Data will be processed for the duration of the page/group’s existence or until you object, which may be done by unliking the page, unfollowing, deleting the post/comment, or contacting us in another way. Please note that the rules concerning the page/fanpage/group are set by the Administrator, while the rules for using the social platform where the page/fanpage/group is placed are set by the platform’s operator.
- Analytical and statistical purposes. Data processing for analytical and statistical purposes involves analyzing data obtained automatically while using the website, including cookies. Data is processed based on the Administrator’s legitimate interest in adapting the Website’s content to the User’s preferences and optimizing the Website’s use, as well as creating statistics that help understand how Users use the Website, enabling improvements to its structure and content (Article 6(1)(f) GDPR). Data may also be archived for internal and statistical purposes, based on the Administrator’s legitimate interest (Article 6(1)(f) GDPR), until you object or the business purpose ceases.
- Recovering abandoned carts. If you do not complete an order, you will receive a reminder about the started but unfinished order. Data will be processed based on the Administrator’s legitimate interest in servicing potential and actual Clients (Article 6(1)(f) GDPR). These data will be processed as long as necessary to achieve business purposes or until an objection is raised.
- Posting comments. Data visible on our Website with the posted comment is processed by us for administering the Website and its maintenance, as well as for communication with you, based on the Administrator’s legitimate interest (Article 6(1)(f)) for the duration necessary to achieve business purposes or until an objection is raised.
- Promotion and marketing. If you provide us with your data, particularly in the form of feedback about a product or service, including image data, it will be processed based on the Administrator’s legitimate interest in marketing to improve the quality of services and products and to promote the Administrator’s services and products. This data will be processed for the period necessary to achieve business purposes or until an objection is raised. Providing data is voluntary.
§3 To Whom May We Disclose Your Data?
We disclose your data to other entities only when it is necessary to achieve the processing purposes mentioned in §2 and only to the extent necessary to achieve that purpose. Generally, we collect and process only the data you have provided to us, except for data collected automatically (cookies). More about cookies can be found in §7. When necessary, your data may be transferred to entities with whom we cooperate to achieve the above-mentioned purposes, particularly to the hosting company, IT company/entity managing the website, accounting service provider, invoicing software provider, newsletter service provider, cloud service provider, CRM services provider, marketing service providers, administrative services providers, entities auditing our activities, banks for settlement purposes, consulting service providers, subcontractors, lawyers, couriers or postal operators, training platforms, social platforms, client service platforms, appointment scheduling platforms, product or service sharing platforms, and other entities supporting the Administrator in achieving processing purposes. Generally, data will not be transferred outside the EEA, except for the situations described below. In other cases, if data is transferred outside the EEA, this will be based on your consent, standard contractual clauses, or other safeguards provided for in the GDPR after fulfilling, among other things, the information obligation. Services provided by Google or Facebook (META) are generally performed by entities located in the European Union. However, due to the global nature of these entities, your data may be transferred to the USA in connection with its storage on American servers (in whole or in part). Regardless, Google and Facebook have implemented safeguards in line with GDPR requirements to protect personal data through the use of standard contractual clauses. More information on data processing principles by the aforementioned providers can be found in each entity’s privacy policies.
§4 What Are Your Rights?
Under the GDPR, you have the right to access your personal data, correct personal data, delete personal data, restrict the processing of personal data, object to the processing of personal data, transfer personal data, and withdraw consent for processing. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. Detailed information on the aforementioned rights is included in the GDPR, namely Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). If you believe that your personal data is being processed in violation of applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office. However, we encourage you to contact us first to clarify your concerns.
§5 Are Your Data Subject to Profiling?
The Administrator analyzes personal data in an automated manner using tools provided by software suppliers (e.g., using statistics and history), but only to the extent that it does not have legal effects on you or significantly affect your situation, including your guaranteed rights and freedoms. The purpose of automated data processing is to learn the preferences of Users (more information on analysis can be found in §7 Cookie Policy). In matters not regulated by this policy, relevant legal provisions, including European law (e.g., GDPR), apply.
§6 Cookie Policy
The Website does not automatically collect any information except for information contained in cookies. These are collected in a way that makes it impossible to identify the User (anonymous data). Cookies (so-called „cookies”) are IT data, in particular text files, stored in the User’s end device and intended for using the Website. Cookies usually contain the name of the website they come from, the storage time on the end device, and a unique number. Cookies are used to adjust the Website’s content to the User’s preferences and optimize the use of the Website, as well as to create statistics that help understand how Users use the Website, allowing improvements to its structure and content. You can change the settings related to cookies on your own. In many cases, the web browser allows cookies to be stored on the User’s end device by default. Detailed information on how to manage cookies is available in the software settings (web browser). Refusing to accept cookies may limit some functionalities of the Website. The Administrator uses technologies that track User actions on the Website:
- Facebook (Meta) conversion pixel provided by Meta Platforms Ireland Limited – for managing Meta ads and conducting remarketing activities; The Facebook Pixel is a piece of code published on the website that allows reaching the target audience based on the data of people who have used the website. Therefore, within the Facebook Pixel function, ads published on Meta platforms may only be shown to users of the platform who have shown interest in the products or services or have similar characteristics to those users. This data is processed based on the Administrator’s legitimate interest (Article 6(1)(f) GDPR). Detailed information about the Facebook Pixel can be found on Facebook’s (Meta’s) privacy policy page.
- Google tools, including Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data obtained while using the aforementioned tools is used for analyzing Website statistics. Google Analytics uses its cookies to analyze the actions and behaviors of Website Users. These cookies store information, such as which website the User came from to the current website. They help improve the Website. This data is processed based on the Administrator’s legitimate interest (Article 6(1)(f) GDPR). Detailed information about Google Analytics can be found on the Google tools usage policy page.
Using the Website involves sending requests to the server where the Website is stored. Each request directed to the server is logged. The logs include the User’s IP address, date, and server time, information about the web browser, and the operating system used by the User. Server logs are stored on the server. Data recorded in the server logs are not associated with specific individuals using the Website and are not used by the Administrator to identify the User. Server logs are only used as an aid to administer the Website, and their content is not disclosed to anyone other than those authorized to manage the server.
§7 Social Plugins
The Website uses plugins, widgets, and other social tools provided by platforms such as Facebook (Meta), Instagram, YouTube, and LinkedIn. The rules for processing personal data are described directly on the websites of the aforementioned service providers.
§8 Co-Administration
Data processed for the purpose of statistics collected within the Facebook (Meta) platform is co-administered by the Administrator and Meta Platforms Ireland Limited, with its registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as Co-Administrator. Detailed rules on co-administration, including information on your rights, are described on the privacy policy page. Data processed on the LinkedIn platform is co-administered by the Administrator and LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as Co-Administrator. Detailed rules on co-administration, including information on your rights, are described on the privacy policy page. The Administrator processes data based on the legitimate interest of the Administrator in conducting analyses of User activity and preferences to improve the functionalities used and services provided. In matters related to personal data, you can contact both the Administrator and the Co-Administrator.