Datenschutzrichtlinie

§.1 General Provisions

1. The data controller on Qlos.com (further: the “Website”) is Qlos sp. z o.o. with its registered office in Łódź, at ul. Wróblewskiego 18, 93-578 Łódź, entered in the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Łódź Śródmieście (Łódź City Centre) in Łódź, XX Commercial Division of the National Court Register under KRS No. 0000907132, NIP (Tax ID): 7292739269, with the share capital of 50,000 PLN (further: “Qlos” or the “Controller”). Data protection is managed in accordance with the requirements of generally applicable laws, and the data are stored on secured servers.
2. Data on the Website are processed in accordance with applicable regulations, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).
3. The Controller uses cookies and similar technologies. Relevant details are set out hereinbelow.
4. The Controller has not appointed a data protection officer. In all matters regarding the processing of personal data by the Controller and the exercise of rights related to data processing, you can contact the Controller by e-mail at: [email protected], or in writing to: ul. Wróblewskiego 18, 93-578 Łódź.
5. The services on the Website are targeted only at entrepreneurs to the extent relevant for their basic subject of activity.

§2. Rules Governing the Processing of Personal Data

1. The Controller processes data based on the following legal grounds:
   1. consent given by the data subject (among others in the case of consents to the processing of data for marketing purposes that can be provided on the Website);
   2. legitimate interest of the Controller (in the situations that are described in detail in the terms of the services available on the Website; this ground applies in particular to “marketing of the Controller’s own services” for the Controller’s customers, as well as when there is a need to process data for the purpose of fulfilling obligations in tax proceedings or in order to exercise or defend legal claims, etc.);
   3. when the processing is necessary to perform the contract concluded by the Controller with the Customer using the services available on the Website (if the Customer concludes a contract with the Controller regarding the provision of the services available on the Website, then in order to perform such a contract, the Controller must be able to process the Customer’s data that are necessary for that purpose).
2. The scope of the processed data is specified in detail in the terms of the services available on the Website. By default, such data include: first name, surname, e-mail address, contact address, NIP (Tax ID), telephone number, IP address and other markings identifying the end of the telecommunications network or the ICT system used by the user, information on the start, end and scope of each use by the user of the service provided electronically, information about the use by the Customer of the services provided electronically. Such data may also be processed as part of cookies and similar technologies.
3. Data storage period:
   1. In the case of data processing based on consent, personal data shall be processed until the consent is withdrawn.
   2. In the case of data processing based on the legitimate interest of the Controller, personal data shall be processed for specific purposes until an effective objection to such processing is submitted.
   3. In the case of data processing based on the necessity to perform a contract, personal data shall be stored until the claims under the contract/provision of services are time-barred or until the legal obligation to store data expires, in particular the obligation to store accounting documents regarding the contract.
4. The Controller plans to share personal data with entities from its capital group (related parties of the Controller) or third parties for the purposes referred to above/for marketing purposes, if the data subject agrees to specific marketing purposes for which it is necessary to share the data. In addition, data can be transferred to entities that process personal data on behalf of the Controller, including to IT service providers, entities that process data for debt collection purposes, and marketing agencies, on the proviso that such entities process data on the basis of a personal data processing agreement concluded with the Controller and solely in accordance with its instructions.
5. The collected personal data shall not be transferred to recipients located in countries outside the European Economic Area (European Union countries and Iceland, Liechtenstein and Norway), unless the European Commission decides that such a third country ensures an adequate level of protection pursuant to the provisions of Article 45(3) of the GDPR.
6. Each data subject has the right to access, rectify and erase data, the right to limit their processing, the right to object to data processing, the data portability right, and the right to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office (UODO)).
7. To the extent that the ground for the processing of personal data is consent, the data subject has the right to withdraw their consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Providing personal data to be processed by the Controller is voluntary. Nevertheless:
   1. Providing personal data in connection with the concluded contract/services provided on its basis is voluntary, but necessary to conclude and perform the contract – failure to provide personal data renders it impossible to conclude a contract/provide services.
   2. Providing personal data if their processing is based on consent is voluntary, and the lack of consent will prevent the performance of the activities covered by the consent concerned.
9. The Controller has the right to share the User’s personal data and other data with entities authorised under applicable laws (e.g. law enforcement authorities).
10. Detailed information on data processing processes managed by the Controller is attached as Annex 1 to this Privacy Policy.

§3. Cookies

1. The Website uses cookies and similar technologies. Cookies are small text files sent by a web server and stored by the browser software. Whenever a browser reconnects to the website, the website recognises the type of the User’s connection device. Parameters make it possible to read the information contained in cookies only to the server that has created them. Therefore, cookies facilitate the use of previously visited websites. The information collected relates to the type of browser used, language, type of operating system, Internet service provider, time and date, location, and information sent to the website via the contact form. Such information may also contain personal data, e.g. IP address.
2. The data thus collected are used to monitor and check how users use the Website so as to improve its operation and security, as well as ensure more effective and problem-free navigation..
3. Cookies identify the user so as to customize the website content to their needs. As user’s preferences are remembered, it is possible to specifically target the advertisements displayed on the website.
4. The Website uses the following types of cookies:
   1. “necessary” cookies, which enable the use of the services available on the Website, e.g. authentication cookies used for the services that require authentication on the Website;
   2. cookies used to ensure security, e.g. to detect fraud in the authentication within the Website;
   3. “performance” cookies, which enable the collection of information on how the Website pages are used;
   4. “functional” cookies , which enable “remembering” the settings selected by the User and personalization of the user interface, e.g. in terms of the language or region the user comes from, font size, website appearance, etc.;
   5. “advertising” cookies , which enable the provision of customises advertising content to the users, according to their interests;
   6. “analytical”, which enable a better understanding how the user interacts with the website content so as to better organise its layout. These cookies collect information about the way the website is used by its users, the type of the website from which the service recipient was redirected , and the number and duration of visits to the website. This information is used to compile statistics on the website use.
5. Cookies can be divided into two groups:
   1. “session” cookies are temporary files that are stored on the end device until logging out (leaving the website).
   2. “permanent” cookies are files are stored on the user’s end device for the time specified in the cookie parameters or until they are deleted by the user.
6. The user may disable or restore the option of collecting cookies by changing the settings of their web browser at any time. The cookie management instructions are available at: http://www.allaboutcookies.org/manage-cookies or http://wszystkoociasteczkach.pl/

Please also find below the links to relevant information on how to delete cookies in specific browsers. Such information is also available in the “help” section of individual browsers.

1. Internet Explorer
2. Chrome
3. Safari
4. Firefox
5. Opera
6. Android
7. Safari (iOS)
8. Windows Phone
9. Blackberry

No change in the browser settings by the user is tantamount to their consent saving cookies and similar files and reading information from such files by the Controller.

Attachment number 1 - The scope of data processing Qlos.