The controller of the data processed for the purposes indicated in this document (Sections 2 and 3 below) is “Loyalty Point Sp. z o.o.” (hereinafter referred to as the “Controller”).
The Controller can be contacted quickly and effectively at the Controller's office at ul. Klimczaka 1, 02-797 Warsaw at the indicated telephone number: 22 608 52 70 and by email: firstname.lastname@example.org
If you contact the Controller, you may be asked for additional information to verify your identity.
Table of Contents
The Personal Data mean any information relating to an identified or identifiable natural person (“data subject”). This will include data such as name, address, date of birth, telephone number or email address (this list is not exhaustive).
The Personal Data are processed in accordance with the GDPR, i.e. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
You have the right to:
Right to object
(See more about your rights at: www.uodo.gov.pl). We also encourage you to read the leaflet on your rights available at https://www.gov.pl/cyfryzacja/rodo-informator.
You can exercise your rights in person at the Controller's office, by mail or email (see above for the Controller's contact details).
In response to your request, you may be asked to provide the data necessary to identify your Personal Data (among others, to find them) or to verify your identity (confirming that you are the person you claim to be). In this case, only the Personal Data will be processed to the extent necessary to document the proper performance of the obligations related to the request (including proper documentation of withdrawal of consent) for the purposes of defence against claims (Article 6(1)(f) of the GDPR, the so-called legitimate interest of the Data Controller) and to fulfil the obligations arising from the GDRP (including ensuring accountability under Article 6(1)(c) of the GDPR). For these purposes, the data will be processed, at the latest, until the end of the period of limitation of potential claims related thereto.
According to the GDPR, the information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
If the Personal Data are processed on the basis of consent (e.g. using the image for promotional purposes - see more in Section 2), remember that:
Your Personal Data will only be accessed by authorised employees/cooperators acting on the Controller's instructions. The data may also be disclosed to service providers, e.g. IT service providers supporting the Controller's purposes listed below (after the conclusion of relevant data processor agreements). The data may also be disclosed to the recipients that are separate Data Controllers, e.g. public administration bodies, at their request.
For the details on the purposes of disclosure, see below in the parts discussing different purposes of data processing (see Sections 2 and 3).
The provision of data is, in principle, voluntary. Whenever the provision of data is:
As a rule, the Controller collects data directly from you.
We use other sources to collect the data for the purpose of tax verification of business partners, using publicly available sources (e.g. National Court Register (KRS) / Central Registration and Information on Business (CEIDG) / registers of taxpayers published by public administration bodies), at the stage of conclusion and performance of the agreement. When we obtain data from another source, you will be informed about this separately and clearly.
The Controller processes only regular data, including contact details indicated in Section 1.7.
We do not process special categories of data, i.e. the information that could disclose: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
The Application may contain links to other websites. Such websites operate independently of the Application and are not in any way supervised by the Controller. These websites may have their own privacy policies and regulations, and we recommend that you read them.
Data protection rules for social media accounts (administration of fanpages on Facebook and other social media sites)
Purposes of use of Personal Data:
The basis for data processing:
(as regards obtaining information on other users) - Article 6(1)(f) of the GDRP, i.e. the legitimate interest of the Data Controller.
Categories of collected data:
The data visible by default on Facebook (or another portal, respectively):
Name or alias;
Profile photo or avatar;
Presentation of messages;
Data made public by the user as part of his/her general Facebook settings;
Data on the use of the platform to create anonymous statistics.
Facebook users (or other social media site users)
Facebook (or other social media site)
Voluntary provision of data
The provision of data is voluntary. The user makes his/her own decisions in this respect. You must be a member of a social network to use personalised information, social networking features or online response services.
Access to data between users is governed by the rules of the social media site in question.
Transfers outside the EU
The publications will be available outside the European Union due to their presence on Facebook. The data necessary to compile the statistics may be processed outside the European Union in accordance with the data management policy implemented by Facebook (or another social media site).
Duration of data processing
The data are stored for the duration of the existence of the social media account in question, except for the exercise of the data subject's right to delete or object.
The cookies are small text files that are placed on your computer by websites you visit. They are commonly used to improve the functioning of websites or to increase their performance, as well as to provide information to website owners. The table below explains the cookies we use and why.
We use the following categories of cookies: session and permanent cookies.
Taking into account the purpose of using the files, the Controller uses two categories of cookies: “required” and “optional” cookies for the following purposes:
1. “Required” cookies - in order and to the extent necessary to display the website correctly. It is about providing basic functions such as security, network management and accessibility. You can turn them off by changing your browser settings, but this may affect the functioning of the website.
For this purpose, permanent cookies may be used on www.datascience.house
2. “Optional” cookies:
a) analytical -> to study the preferences of the people using our website for the purpose of improving our website performance;
b) social media plug-ins -> for marketing purposes to display personalised ads on social media pages
For this purpose, session cookies may be used on www.datascience.house
The use of this category of cookies is based on your consent.
The data indicated are not combined with information such as your name, email address and other data that makes it possible to easily identify you as a visitor to the website.
Analytical cookies (of third parties):
Designation of cookies
Google Analytics / Provider: Google inc.
These cookies are used to collect information about how visitors use our website. We use this information to create reports and help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the website and blog from which the visitors accessed the website and the pages visited.
Read Google's overview of privacy and data protection at https://support.google.com/analytics/answer/6004245
The data processing is entrusted to the data processor. The data processor agreement is available at: https://privacy.google.com/businesses/processorterms/
The service may involve data transfers outside the EEA and Switzerland, mainly to the United States. To this end, Google ensures the security of the data flow through:
- participation in the Privacy Shield program: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
Provider: Google inc.
This tool is used to manage tags in order to obtain detailed statistics on the use of the Website and to optimise the Website.
You can withdraw your consent at any time and stop the installation and collection of data through cookies. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Most browsers offer the option of accepting or rejecting all cookies. You can also easily change cookie settings in your browser settings. Remember that blocking all cookies on the Website may cause difficulties in its functioning or make it completely impossible to use certain functionalities of our Website.
The management and deletion of cookies varies depending on the browser you are using. For more detailed information, please use the Browser Help function or visit http://www.allaboutcookies.org, which explains step-by-step how to control and delete cookies in most browsers.
You can see information about individual browsers on the following websites:
To opt out of Google Analytics on all websites, visit: http://tools.google.com/dlpage/gaoptout
Even if the cookies are not installed, the website administrator may access the following data characterising the use of the website (hereinafter referred to as: other usage data):
In order to ensure the highest quality of the website, we occasionally analyse log files to determine: which pages are most often visited, which web browsers are used, whether the website structure is error-free, etc.
The usage data are not combined with information such as your name, email address and other data that makes it possible to easily identify you as a visitor to the website.
The information collected through cookie mechanism and usage data may constitute Personal Data within the meaning of the GDPR in certain exceptional situations. If the information indicated above is qualified as Personal Data, the Controller is the Personal Data Controller. Even if there are doubts whether a certain category of information belongs to Personal Data, the Controller introduces mechanisms to protect this information in the same way as Personal Data.
The processing of these categories of data to the extent that it is necessary for the correct performance of the website (“required” cookies) is based on the so-called legitimate interest of the Controller (Article 6(1)(f) of the GDPR. In order to do this:
In the above cases, you have the right to object (when data are processed under Article 6(1)(f) of the GDRP).
By agreeing to install “optional” cookies (e.g., analytical cookies provided by Google Analytics / marketing cookies), you acknowledge that the information collected in this way will be used to study the preferences of people using our website for the purpose of improving our website performance. In this case, the basis for data processing is Article 173(2) of the Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800) in connection with Article 6(1)(a) of the GDRP. As indicated in Article 174 of the Telecommunications Law, the provisions on the protection of Personal Data apply to obtaining the consent of the subscriber or end user.
You can withdraw your consent and delete cookies from your device at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Data recipients: IT companies providing services to the Controller.
Personal Data will be deleted or anonymised at the latest after the expiration of the period of limitation of potential claims related to the use of the website (no later than 1 year from the date of fixation), or earlier if you make an effective objection. The provision of data is voluntary, but necessary to achieve the above mentioned purposes.