Privacy policy

PRIVACY POLICY OF WWW.XCITSTUDIO.COM WEBSITE

  1. The Administrator of Personal Data of: www.xcitstudio.com website, hereinafter referred to as Internet Service, is X-Coding IT Studio Sp. z o.o. with its registered office at the address: Czysta 4/2-20, 50-013 Wrocław, entered into the register of entrepreneurs of the National Court Register kept by the District Court in Wrocław, IV Commercial Division of the National Court Register, under KRS number: 0000526129, NIP: 8971802686, REGON: 022501357.
  2. Respecting your rights as personal data subjects (data subjects) and respecting applicable laws, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (general data protection regulation), hereinafter referred to as GDPR, the Act of 10 May 2018 on the protection of personal data (Journal of Laws, Act Item 1000, hereinafter referred to as Act) and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of the personal data collected from you. All employees have been properly trained in the processing of personal data, and our company as the Personal Data Controller has implemented appropriate security measures and technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with GDPR, thanks to which we ensure compliance with the law and reliability of data processing, as well as enforceability of any rights you may have as data subjects. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. with the Inspector General for the Protection of Personal Data (hereinafter referred to as PUODO).
  3. Any inquiries, requests, complaints regarding the processing of personal data by our company (Personal Data Administrator), hereinafter referred to as Applications, should be sent to the following e-mail address: contact@xcitstudio.com or in writing to the address of the Personal Data Administrator i.e. X-Coding IT Studio Sp. z.o.o., ul. Czysta 4/2-20, 50-013 Wrocław. The contents of the Application should be clearly indicated:
    • data of a person or persons concerned by the Notification,
    • an event that caused the Report,
    • submit their claims and the legal basis for those claims,
    • indicate an expected way of settling the matter.
  4. We collect the following personal data on our Website:
    • first name and last name – your first name and last name will be necessary for us if you send us a query (via the Contact Form or Chat), it will allow us to determine more quickly and efficiently where the question comes from, but it is not obligatory, it is enough to provide a name of a sender, e.g. name of your company,
    • telephone number – you will be asked to provide your telephone number when sending us an inquiry via our contact form on our website, but this is not obligatory, it will only make it easier for us to contact you,
    • e-mail address – you will be asked to provide your e-mail address if you send us a query (via the contact form or chat), this is an obligatory element thanks to which we can answer your questions. If you are a subscriber of our newsletter, we will also send you commercial information once/twice a month,
    • IP address of the device – information resulting from general rules of Internet connections such as IP address (and other information contained in system logs) are used by the administrator of the Website for technical purposes. IP addresses may also be used for statistical purposes, in particular, to collect general demographic information (e.g. about the region from which the connection is made),
  5. Providing the data indicated in the preceding point is necessary in the following cases:
    • in order to use the services like Contact Form or Chat (use of services without logging in/registration of an account) available on the Website,
    • in order to provide the service (subscription) of a newsletter – if you want to be informed about interesting events and commercial offers, you can become a subscriber of the newsletter conducted by us; joining the subscription is voluntary and at any time you can unsubscribe from it.
  6. Our website uses the technology of Cookies in order to adapt its functioning to your individual needs. You may therefore consent to your data and information is being stored so that it can be used for future visits to our website without having to enter it again. The owners of other websites will not have access to this data and information. However, if you do not agree to personalize the Website, we suggest that you disable the use of cookies in your browser options.
  7. Each of you, as users of our Website, has the opportunity to choose whether and to what extent you wish to use our services as well as share information and data about yourself to the extent specified in this Privacy Policy.
  8. Your personal data is processed by our company as a Personal Data Administrator in order to provide services to you (i.e. the data subjects) offered within the Website. In accordance with the principle of minimization, we process only those categories of personal data that are necessary to achieve the purposes referred to in the preceding sentence.
  9. We process your personal data for the time necessary to achieve the purposes listed in the preceding section. Personal data may be processed for a longer period than indicated in the preceding sentence, if such right or obligation imposed on the Personal Data Administrator results from specific provisions of law or if the service we provide is of a continuous nature (e.g. subscription to a newsletter).
  10. The source of Personal Data processed by the Personal Data Controller are the data subjects.
  11. Your personal data will not be transferred to a third party within the meaning of GDPR.
  12. We do not share any personal data with third parties without the explicit consent of the data subject. Personal data without the consent of the data subject may be made available only to entities governed by public law, i.e. authorities and administration authorities (e.g. tax authorities, investigative authorities and other entities authorized by generally applicable laws).
  13. Personal data may be entrusted to entities processing such data on behalf of our company as the Administrator of Personal Data. In such a situation, as the Personal Data Controller, we conclude an agreement with the entity processing personal data. The processor processes the entrusted personal data, but only for the needs, within the scope and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to carry out our activity on the Website. As the Administrator of Personal Data, we entrust personal data for processing to entities:
    • providing hosting services for the website on which our internet service operates,
    • providing other services to us as the Administrator of personal data, which are necessary for the current functioning of the Website.
  14. Personal data are not subject to profiling by the Personal Data Administrator.
  15. In accordance with the provisions of the GDPR, every person whose personal data we process as the Administrator of Personal Data has the right to:
    • be informed about the processing of personal data ,referred to in Article 12 of the GDPR- the Administrator is obliged to provide you, as the persons whose data will be processed, with the information specified in the GDPR (e.g. their data, the DPO’s contact details, the purposes and legal grounds for processing personal data, the recipients or categories of recipients of personal data, if any, or the period for which the data will be processed, or the criteria for determining this period); this obligation must be fulfilled already at the time of collection, and if the data is not obtained from the data subject but from another source, within a reasonable period, depending on the circumstances; the controller may refrain from providing this information, if the data subject already has it,
    • access to their personal data, referred to in Article 15 GDPR – If you provide us with personal data, you have the right to inspect and access them; however, this does not mean that you have the right to access all documents on which your data may appear because they may contain confidential information; however, you have the right to information which of your data and for what purpose we process and the right to obtain a copy of your personal data, the first copy being given free of charge, and for each subsequent copy in accordance with the provisions of the GDPR we charge an appropriate administration fee corresponding to the cost of making a copy,
    • correct, supplement, update, rectify personal data, referred to Article 16 of the GDPR – If your personal data has changed, please inform us as Personal Data Controller so that the data we hold is true and up to date; even if there has been no change in personal data, but for any reason the data is incorrect or has been recorded incorrectly (e.g. as a result of a typographical error), please inform us in order to correct or to rectify such data,
    • delete data (right to be forgotten), referred to Article 17 of the GDPR– In other words, you have the right to request the “deletion” of data held by us as the Administrator of Personal Data and the right to apply to us as the Administrator of Personal Data, so that we inform other administrators to whom we have provided your data about the need to delete them. You may request the deletion of your personal data, first of all, when:
      • the purposes for which personal data have been collected, e.g. we have fully completed a sales agreement concluded with you,
      • The processing of your personal data is based solely on your consent, which has subsequently been revoked and there are no other legal grounds for further processing of your personal data, e.g. if you unsubscribe from the newsletter subscription and no longer use our offer in any other way,
      • you have objected on the basis of Article 21 of the GDPR and you believe that we do not have any overriding legal basis allowing for further processing of your personal data,
      • Your personal data has been processed illegally, i.e. for illegal purposes or without any basis for processing your personal data – please remember that in such a case you must have a basis for your request,
      • the need to delete your personal data results from the provisions of law,
      • personal data concerns a juvenile and have been collected in connection with the provision of information society services,
    • restrictions on processing , referred to Article 18 of the GDPR – you can contact us with a request to limit the processing of your personal data (which would consist in the fact that until the dispute is resolved, our company would only store it), if:
      • you question the accuracy of your personal data, or
      • you believe that we process your data without a legal basis, but at the same time you do not want us to delete your personal data (i.e. you do not exercise the right referred to in the preceding paragraph), or
      • you have lodged an objection as referred to in subparagraph (f) of this point, or
      • Your personal data is needed to establish, assert or defend claims, e.g. in court,
    • data transfer, referred to Article 20 of the GDPR – you have the right to obtain your data in a format that makes it possible to read the data on a computer and the right to send the data in that format to another controller; this right only applies to you if the processing of your data was based on your consent (e.g. subscription to a newsletter) or if the data were processed automatically.
    • object to the processing of personal data, referred to Article 21 of the GDPR –You have the right to object if you do not agree to our processing of personal data that we have already processed for legitimate, lawful purposes; in particular, you have the right to object to the processing of your personal data for direct marketing purposes (e.g. subscription to a newsletter),
    • not subject to profflation , referred to in Article 22 in connection with Article 4 paragraph 4 of the GDPR – on our Website you will not be subject to automated decision making or profiling in the sense of the GDPR, unless you have consented to it; in addition, we will always inform you about profiling if it is to take place,
    • filing a complaint with the supervisory authority (i.e. to the President of the Office for Personal Data Protection), referred to in Article 77 GDPR- if you believe that we process your personal data unlawfully or in any way violate the rights under the generally applicable data protection laws.
  16. With regard to the right to delete data (the right to be forgotten), we would like to point out that according to the provisions of the GDPR, you do not have the right to exercise this right if:
    • the processing of your personal data is necessary to exercise your right to freedom of expression and information, e.g. if you have posted your data on a blog, in comments, etc.
    • the processing of personal data is necessary for our company to comply with legal obligations arising from the law – we cannot delete your data for the period necessary to comply with obligations (e.g. tax), which are imposed on us by law,
    • the processing of your data is carried out for the purpose of asserting, establishing or defending claims.
  17. If you wish to exercise your rights referred to in the preceding point, please send an e-mail to contact@xcitstudio.com or in writing to the correspondence address referred to in the preceding paragraph 3 above.
  18. Each identified security violation is documented, and if one of the situations described in the GDPR or the Act occurs, the data subjects are informed of such a violation of the data – and, if relevant – PUODO.
  19. Any capitalized words have the meaning given to them in the Privacy Policy of the Website.
  20. In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply. If the case of this Privacy Policy provisions being inconsistent with these provisions, these provisions shall take precedence.