Privacy policy
1. This privacy policy sets out the rules for the processing of personal data at SoftCOM spółka jawna Piotr Szuba Tomasz Wierzbowski spółka z ograniczoną odpowiedzialnością in the event of using the website available at: www.iksoris.pl, hereinafter referred to as the Website, contacting SoftCOM spółka jawna Piotr Szuba Tomasz Wierzbowski by telephone, e-mail or post.
2. The Data Controller of your Personal Data is SoftCOM spółka jawna Piotr Szuba Tomasz Wierzbowski with its registered office in ul. Buforowa 115, 52-131 Wrocław, entered in the register of businesses of the National Court Register kept by the District Court in Wrocław, VI Commercial Division of the National Court Register, as KRS number: 0000139266, Taxpayer Identification Number (NIP): 8951781314, National Business Registry Number (REGON): 932843464 hereinafter referred to as the Data Controller.
3. Any enquiries, requests, complaints regarding the processing of personal data by the Personal Data Controller, hereinafter referred to as Notifications, should be addressed to the following e-mail address: iod@softcom.wroc.pl or in writing to Buforowa 115 Street, 52-131 Wrocław. The content of the notification shall clearly indicate:
a) the details of the person or persons concerned by the Notification,
b) the event that gives rise to the Notification,
c) state its demands and the legal basis for those demands,
d) indicate how the case is expected to be handled.
b) the event that gives rise to the Notification,
c) state its demands and the legal basis for those demands,
d) indicate how the case is expected to be handled.
4. The Data Controller collects the following personal data:
a) first name and surname - may be processed if you provide it to us by e-mail, telephone or by post,
b) telephone number - this may be processed if you contact us by telephone, or if you provide it to us by e-mail of the registration form available on our Website or by post,
c) your e-mail address - this may be processed if you provide it to us by e-mail, postal mail or when contacting us by telephone,
d) IP address of the device and potentially personal data contained in cookies - information resulting from the general principles of Internet connections, such as IP address (and other information contained in system logs), is used for technical and statistical purposes, including in particular the collection of general demographic information (e.g. about the region from which the connection is made). This type of data is also used for marketing and analytical purposes if consent is given under article 173 paragraph 1 of the Telecommunications Act,
e) Taxpayer Identification Number (NIP) and company name - necessary for the issuance of all invoices and other documents,
f) other data may be collected as part of the conduct of specific cases or may be provided by e-mail, post or telephone contact.
5. The source of the Data Controller's processing of Personal Data shall be data subjects.
6. Each person who provides data to the Data Controller has a choice as to whether and to what extent he or she wishes to use our services and share information and data about himself or herself, to the extent set out in the contents of this Privacy Policy.
7. We process personal data for:
a) conclude and perform contracts with individuals in connection with the services we offer (article 6(1)(b)GDPR ) - in this respect, data will cease to be processed once the contract in question has been fulfilled,
b) to conclude and perform contracts with in connection with the services we offer (article 6(1)(f) GDPR) - in this respect, the data will cease to be processed once the contract in question has been fulfilled,
c) ongoing communication (article 6(1)(f) of the GDPR) - in this regard, your personal data will cease to be processed when the question or questions concerned are answered,
d) to maintain a business relationship with the Data Controller - (article 6(1)(f) GDPR) - in this respect your personal data will cease to be processed when you withdraw your consent,
e) to comply with legal obligations incumbent on the Controller Data, in particular record keeping, invoicing, etc. (article 6(1)(c) of the GDPR) - in this respect, personal data will be deleted once the specified legal obligations have been fulfilled,
f) the operation of the Website (article 6(1)(f) GDPR in conjunction with article 173(1) of the Telecommunications Act) - in this regard, personal data will cease to be processed when a cookie expires, when cookies are deleted or when the relevant session ends, respectively,
g) to carry out analytics on the Website in connection with the use of cookies (article 6(1)(a) GDPR) - in this regard, personal data is processed until the end of the session or the deletion of cookies by the user, the withdrawal of consent or until an effective objection to processing for this purpose is raised,
h) to establish, assert or defend against claims (article 6(1)(f) GDPR, the legitimate interest of the Data Controller) - in this respect, personal data will be deleted when the claims in question expire, but as a general rule after the expiry of the 3-year limitation period for claims.
8. For the purposes of ongoing communication and maintenance of business relations between the Data Controller of this Website, there is a co-administration relationship with a company operating under the name Ticketing Solutions spółka z ograniczoną odpowiedzialnością, based in Wrocław. The co-administration consists in joint operation of the CRM system developed by SoftCOM Spółka Jawna, Piotr Szuba, Tomasz Wierzbowski.
9. Personal data may be made available to the company operating under the name of Ticketing Solutions spółka z ograniczoną odpowiedzialnością, which provides technical support for the iKSORIS system for the purpose of fulfilling requests and responding to queries from persons using the iKSORIS system. The rules for the processing of personal data by the company Ticketing Solutions spółka z ograniczoną odpowiedzialnością are available at: https://www.strefaklienta.iksoris.pl/index/polityka-prywatnosci
10. Personal data may be entrusted for processing to entities that process such data on our behalf as Data Controller. In such a situation, we as the Data Controller shall enter into an entrustment agreement with the processor for the processing of personal data. The processor shall process the entrusted personal data only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without the entrustment of personal data for processing, we would not be able to carry out our activities. As a Data Controller, we entrust personal data for processing to the following entities in particular:
a) IT companies providing data hosting services and maintaining the computer systems of the Data Controller.
11. In the course of operating the Website, the Data Controller uses the tools of Google Ireland Ltd (Google Analytics). As a general rule, the data processed through the use of these tools is processed on servers located within the The European Economic Area (EEA). However, the providers of these tools may be obliged to transfer data to third countries if such an obligation is imposed on them by law or is necessary due to the characteristics of the services provided (data hosting, etc.). The scope of personal data transferred in this regard refers exclusively to potential personal data contained in cookies. The legal bases for the processing of the personal data indicated in the preceding sentence are indicated in points 5(f) and 5(g) of this Policy. As importers of personal data, Google Ireland Ltd. complies with the criteria of the Adequacy Decision and participates in the EU-US Data Privacy Framework and are on the list available at: https://www.dataprivacyframework.gov/s/participant-search
12. In the course of operating the Website, the Data Controller uses the tools of Amazon Web Services EMEA SARL sp. z o.o. branch in Poland (Amazon Web Services). As a rule, the data processed through the use of this tool is processed on servers located within the EEA. However, providers of this tool may be obliged to transfer data to third countries if such an obligation is imposed on them by law or is necessary due to the characteristics of the services provided (data hosting). The scope of the personal data transferred in this regard refers exclusively to the potential personal data of newsletter subscribers. The legal bases for the processing of the personal data indicated in the preceding sentence are indicated in points 5 a, b, c, d, e and f of this Policy. As an importer of personal data, Amazon Web Services EMEA SARL sp. z o.o. branch in Poland complies with the criteria of the Adequacy Decision and participates in the EU-US Data Privacy Framework and is included in the list available at: https://www.dataprivacyframework.gov/s/participant-search
13. Personal data shall not be subject to profiling by us as a Data Controller within the meaning of the provisions of the GDPR.
14. In accordance with the provisions of the GDPR, any person whose personal data we process as a Data Controller has the right to:
a) to be informed of the processing of personal data referred to in article 12 of the GDPR,
b) access to their personal data, as referred to in article 15 of the GDPR,
c) the rectification, completion, updating, amendment of personal data referred to in article 16 of the GDPR,
d) the erasure of data (right to be forgotten) referred to in article 17 of the GDPR,
e) the restriction of processing referred to in article 18 of the GDPR,
f) data portability as referred to in article 20 of the GDPR,
g) to object to the processing of personal data, as referred to in article 21 of the GDPR,
h) where the legal basis is consent, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal, as referred to in article 7(3) of the GDPR,
i) not to be subject to the profiling referred to in article 22 in conjunction with article 4 point 4 of the GDPR,
j) to lodge a complaint with the supervisory authority (i.e. the President of the Office for the Protection of Personal Data) referred to in article 77 of the GDPR.
15. If you wish to exercise your rights under the preceding paragraph, please send a message by e-mail to the e-mail address or in writing to the postal address indicated in point 3.
16. Each identified security breach shall be documented and, in the event of the occurrence of one of the situations set out in the provisions of the GDPR or the Act, the data subjects and, if applicable, the President of the Data Protection Authority shall be informed of such security breach.
17. The Cookies Policy of the Website is a separate document available at the following address: https://www.iksoris.pl/polityka-plikow-cookies.html.
18. In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply accordingly. In the event of any inconsistency between the provisions of this Privacy Policy and the aforementioned regulations, these regulations shall prevail.