This document is addressed to all persons who:
1. visit the Administrator’s websites:
2. visit the Administrator’s social media pages:
(hereinafter collectively referred to as the “Social Profile“),
3. contact the Personal Data Controller (e.g. by phone, e-mail),
4. are employees, collaborators or representatives of the Controller’s contractors.
The Privacy and Cookie Use Policy applies to the situation of all persons whose personal data are processed in connection with the situations indicated in sections 1-4 above (hereinafter: “Users“).
The Controller of personal data
The Data Controller of Users’ personal data is Endego spółka z ograniczoną odpowiedzialnością (Polish limited liability company) seated in Kraków (KRS: 0000420015) ul. Samuela Lindego 1C, 30-148 Kraków (the “Data Controller”). Users may contact the Data Controller, by the following means:
- by post to the address: ul. Samuela Bogumiła Lindego 1C, 30-148 Kraków;
- by e-mail: firstname.lastname@example.org;
- by phone: +48 12 397 21 82
Objectives of processing of personal data and the legal basis for processing
Users’ personal data shall be processed for the following purposes and under the following legal basis:
- responding to inquiries from Users and contacting Users regarding matters they addressed the Data Controller on, in particular by sending him an e-mail or by chat on the Social Media Profiles. The legal basis for data processing is legitimate interest of the Data Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in the necessity to reply to the Users;
- setting up and maintaining an account on the suport.endego.com website in order to use the Data Controller’s support center and obtain help or answering questions regarding software or other services provided by the Data Controller. The legal basis for data processing is the necessity to perform the contract (Terms & Conditions of Services) or take action before concluding a contract with the User (Article 6 (1) (b) of the GDPR), as well as the Controller’s legitimate interest (Article 6 (1) (f) of the GDPR) ), consisting in the need for proper communication with contractors and persons interested in the Data Controller’s services.
- controlling and analyzing the movement on the Service and Social Media Profiles as well as conducting marketing activities on the grounds of the legitimate interest of the Data Controller pursuant to the Article 6 section 1 letter f of GDPR), consisting in promoting the services of Data Controller;
- contacting Users in current affairs, in particular regarding agreements between the Data Controller and the User, the User’s employer or entity that the User represents, submitting bids, receiving requests and orders, answering questions. The legal basis for data processing is a legitimate interest of the Data Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in necessity of constantly contacting the contractors of the Data Controller;
- implementation of the agreements concluded between the Data Controller and the User, the User’s employer or entity that the User represent, including receiving and performing orders, submitting of orders, concluding contracts, carrying out activities in the field of accounting, accounting services, debt collection. The legal basis thereof is the necessity to perform the contract or take action prior to entering into a contract with the User (pursuant to the Article 6 section 1 letter b of GDPR), as well as a legitimate interests of the Data Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in necessity of the correct implementation of agreements with contractors;
- fulfillment of legal obligations imposed on the Data Controller, in particular under the provisions of tax law (pursuant to the Article 6 section 1 letter c of GDPR);
- determining, securing and pursuing possible claims of both the Data Controller and the User. The legal basis is a legitimate interest of the Data Controller (pursuant to the Article 6 section 1 letter f of GDPR) consisting of the possibility of determining, pursuing or defending claims.
Categories of references to the data
The Data Controller processes personal data of the Users necessary to implementation of the objectives mentioned hereinabove, in particular identification data, contact details and information on the employer, as well as the data about the usage of Data Controller’ services, Service and Social Network Profiles.
The recipients of data (categories of recipients)
The Users’ personal data may be shared with external entities providing services to the Data Controller, such as accounting services as well as IT services providers, including e-mail and providing services to the contractors. The Data Controller may share the personal data with entities based in the non-EU third countries only if the adequate level of protection in the said country has been established. The Data Controller shares the data of the Users with:
- Google LLC Headquartered in California, USA and Google Ireland Ltd – these entities are liable for anylizing the website traffic within this website. Information on how Google LLC with and Google Ireland Ltd process personal data can be found here: https://policies.google.com/privacy?hl=en-US.
- HappyFox, Inc. based in California, USA (47 Discovery, STE 170, Irvine, CA 92618) – this entity is responsible for providing the platform that ensures the functioning of the suport.endego.com website. HappyFox Inc. acting in this respect is an entity that processes personal data at the request of the Data Controller. Information on how Happy Fox Inc. processes personal data can be found here: https://www.happyfox.com/privacy-policy/
Facebook Ireland Ltd. and Google Ireland Ltd are entities operating under Irish law, and thus apply the EU rules regarding the processing personal data. HappyFox Inc. is an entity operating under the laws of the state of California, USA.
The period of storage of personal data
We will store store the Users’ data for the period necessary to achieve the objectives set out hereinabove. If:
- the User’s personal data are processed in connection with the contract concluded with the User, his employer or entity, which the User represents will be stored for a period of performance of the contract and to the necessary extent – for 5 years from the end of the calendar year in which the payment of the tax became past due in connection with the conclusion and implementation of the agreement or longer if required by law,
- the User contacted the Data Controller – the data will be processed for the time necessary for the purpose of contacting the User and for a period of 2 years from the termination of the contact,
- the User’s personal data are processed in connection with using the Social Media Profiles – for the period of having an account on the said Social Media.
If the User’s personal data will no longer be necessary for the purposes for which they were processed, the Data Controller will keep them in order to determine, pursue or defend potential claims of both the Data Controller and the User only for periods of limitation set out in the provisions of law.
The consequences of failure to provide personal data
Except in cases in which providing personal data is legally required, the provision of personal data is entirely voluntary, but the failure to provide them may impede or prevent us from achieving objectives set out hereinabove.
Information on automated decision-making
The Users’ will not be subject to decisions based solely on automated processing of data, also the data will not be processed in the form of profiling by the Data Controller.
The source of personal data
The User’s personal data, which are not collected directly from the Users, may be obtained from their employers, collaborators or entities that the User represents. The Data Controller may also process personal data derived from the sources accessible to the public.
Rights relating to the processing of personal data
The User is entitled to the following rights related to the processing of personal data:
- the right of access to personal data, the right to request rectification, erasure or restriction of processing of personal data, as long as these rights are not excluded or restricted by the provisions of law.
- The right to object to the processing of personal data because of the special situation of the User – in cases where your personal data is processed on the basis of legally justified interests of the Data Controller.
- The right to transfer the personal data, i.e. the right to receive personal data in a structured, commonly used machine-readable format. The User may send the data to another Data Controller of personal data or demand hat send the data to another Data Controller. However, we will do so only if such transfer is technically possible.
- The right to lodge a complaint to the authority – the President of the Personal Data Protection Office.
- Other rights arising from generally applicable provisions of law.
In order to use these rights, please contact the Data Controller.
What are cookies?
Cookies are online data, in particular text files that are stored in the User’s device (computer, mobile phone, tablet). Primarily, they contain the name of the website of its origin, their unique number, time of storage on the terminal device. Through the cookies the statistical information about Users’ traffic, visitor activity and the way of using of the Service are delivered to the Data Controller. They allow to customize the content and services to the preferences of the User.
What are cookies used for?
- The cookie mechanism is not used to obtain any information about the Users, except for their behaviour on the Site.
- The Data Controller stores the cookies on the Users’ devices in order to:
- properly adjust the Service to the Users’ needs and optimize the use of the websites;
- remember the preferences and personal user settings, recognising the device and ensuring the proper viewing of a website tailored to their needs (full and mobile version of the page);
- create the viewing statistics of the Service that helps to understand how the Users use the websites, which allows to improve their structure and content;
- maintain the User’s sessions (after logging in), so the User does not have to re-enter login and password on every page of the Service;
- analyze the User’s behavior, including with the help of third parties (Google), as well as to adjust the displayed advertisements.
- Due to the Facebook, Instagram and LinkedIn plug-ins being placed in the Service, the cookies may also facilitate the Social Media to record the presence of the User on the Service website and to adjust the displayed commercials to the activity of the User.
What types of cookies do we have?
In the Service there are used the two basic types of cookies:
- a “session” ones ( “session cookies”) and
- “permanent” ones ( “persistent cookies”).
The session cookies are temporary files that are stored in the User’s terminal device until logging out time, leaving the website or disabling the software (web browser). The permanent cookies are stored in the User’s terminal device for the time specified in the cookie files parameters or until removal thereof by the User.
In the Service, the following types of cookies are being used:
- the “essential” cookies, enabling the use of the services available through the Service, e.g. authentication cookie files used for services that require authentication through the Service;
- the cookies used to ensure safety, e.g. used to detect misuses in the field of authentication through the Service;
- the “performance” cookies, enabling the collection of information about the manner of using the websites of the Service;
- the “functional” cookies, enable to “remember” the settings chosen by the User and personalize the User’s interface, e.g. in terms of the chosen language or region the User comes from, the font size, the design of the website, etc.
How to block cookies?
In many cases, web browsers allow to store cookies in the User’s terminal device by default. Service Users may change the settings for cookies at any time, for example in order to block the automatic enabling of cookies or to inform the User about tchem being enabled into the Service User’s device. Detailed information about the possibilities and ways of enabling cookies are available in the browser settings or at the following websites:
In addition, the User can block the sharing of Google Analytics about their activity on the Website using the solutions available here: https://tools.google.com/dlpage/gaoptout.
The Data Controller hereby informs that the limitations of using cookie files may affect some functions available on the Service websites.