The Policy is for information purposes and serves satisfaction of the information obligations imposed on the data controller under GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.PERSONAL DATA CONTROLLER
1.1. The Controller of personal data of persons using the Services and the Platform is the Service Provider, i.e. Funwisher sp. z o.o. S.K.A. with its registered office in Warsaw at ul. Krucza 50, entered in the register of entrepreneurs of the National Court Register (KRS) maintained by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number KRS: 0000720764, Tax Identification Number NIP: 7010805200, National Business Registry Number REGON: 369573017 (e-mail email@example.com).
1.2. The Data Controller has also appointed the Data Protection Officer. Contact details of the Data Protection Officer: firstname.lastname@example.org
2.DATA PROCESSING METHOD
2.1. The purpose and scope of the processed personal data are determined by the scope of consents and provided data sent by means of a relevant form. The processing of personal data of Users or Recipients may concern first and last name, e-mail address, phone number, computer IP address, Tax Identification Number NIP or VAT ID, place of business, image and data collected by Google Analytics and other data necessary for the provision of services in accordance with the Terms of Service.
2.2. Providing personal data is voluntary, but failure to provide the personal data marked in the form as obligatory will prevent the Service Provider from providing Services and performing Agreements. Due to the nature of services provided by the Service Provider, they cannot be provided anonymously.
2.3. Personal data of Users will be processed for the following purposes:
2.3.1. implementation of legal provisions—the legal basis is the statutory authorization to process data necessary to act in line with the law (Article 6.1(c) of the GDPR);
2.3.2. performance of agreements and provision of services by electronic means through the Platform—the legal basis is the statutory authorization to process data which are necessary to perform an agreement if the data subject is a party to such agreement, or if it is essential for undertaking certain actions prior to the conclusion of an agreement upon request of the data subject (Article 6.1(b) of the GDPR);
2.3.3. consideration of filed claims and complaints and optimization of performances of the Platform—the legal basis for processing is a legally legitimate interest executed by the Service Provider (Article 6.1.(f) of the GDPR) which consists in due conduct of business activity;
2.3.4. promotional and commercial actions carried out by the Service Provider—the legal basis is a legitimate interest executed by the Service Provider (Article 6.1.(f) of the GDPR) or voluntary consent (Article 6.1(a) of the GDPR);
2.4. Personal data of Users will be processed for the following purposes:
2.4.1. creation and sharing of Films—the legal basis for processing is a legitimate interest executed by the Service Provider (Article 6.1.(f) of the GDPR) which consists in commitment to perform the Agreement concluded with the User who provided Recipient’s data;
2.4.2. provision of Platform functionalities—the legal basis for processing is a legitimate interest executed by the Service Provider (Article 6.1.(f) of the GDPR) which consists in commitment to perform the Agreement concluded with the User who provided Recipient’s data;
2.5. If the Service Provider is advised that the User uses the Services in violation of the Terms of Service or applicable provisions of the law (unauthorized use), then the Service Provider may process User’s personal data in a scope required for establishing the liability of the User.
2.6. User’s personal data will be processed for a time necessary to prove the correct provision of the Service (such time corresponds to the period of limitation of claims) or in the case of the Agreement against the charge—the time prescribed by accounting provisions and will be deleted upon the lapse of the said time unless their processing is necessary on the basis of another legal basis. In the case of marketing actions, personal data will be processed until the User objects to the further processing of personal data for marketing purposes or until the User withdraws the consent to be sent messages with such content.
2.8. The Service Provider does not transfer personal data to third countries.
3.RECIPIENTS OF DATA
3.1. The Service Provider may entrust the processing of personal data to third parties for the purpose of performance of the activities indicated in the Terms of Service and service of the User. In such a case, the recipients of User’s and Recipient’s data may involve: the provider of hosting for the Platform, the company providing technical support for the purpose of providing Services (a software development company), accounting firm, the provider of a system for online payments, the provider of a system for invoice management and companies providing for delivery of the Film, e.g. a printing house, post office.
3.2. The personal data collected by the Service Provider may also be disclosed to competent state bodies upon their request on the basis of relevant provisions of the law, or other persons and entities—in the cases prescribed in the law.
3.3. Each entity to which the Service Provider transfers User’s or Recipient’s personal data for processing on the basis of a personal data transfer agreement (hereinafter referred to as “Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing User’s or Recipient’s personal data on the basis of the Transfer Agreement may process User’s or Recipient’s personal data through another entity only upon prior written consent of the Service Provider.
4.RIGHTS OF DATA SUBJECT
4.1. Each User and Recipient has the right to (a) delete the collected personal data referring to him/her both from the system belonging to the Service Provider as well as from bases of entities which have co-operated with the Service Provider, (b) restrict the processing of data, (c) portability of the personal data collected by the Service Provider and referring to the User, in this to receive them in a structured form, (d) request the Service Provider to enable him/her access to his/her personal data and to rectify them, (e) object to processing, (f) withdraw the consent towards the Service Provider at any time without affecting the legality of the processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about the Service Provider to the supervisory authority (President of the Personal Data Protection Office).
5.PERSONAL DATA OF CHILDREN
5.1. In the cases subject to Article 6.1.(a) of the GDPR it is legal to process personal data of a child over the age of 16. If the User is below the age of 16, such processing is legal only if a person who exercises parental authority or care over the child gives his/her respective consent or approval and only in the scope of the expressed consent.
5.2. The Platform may not be used by persons below the age of 13.
6.1. The Website may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of User’s station—identification through http protocol, if possible, date and system time of registration on the Platform and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the User before if the User has entered the service through a link, information concerning User’s browser, information concerning errors occurred by the realization of the http transaction. Web server logs may be collected for the purposes of the proper administration of the Website. Only persons authorised to administer the IT system have access to data. Files containing web server logs may be analysed for the purposes of preparing statistics concerning traffic on the Platform site and occurring errors. Summary of such details does not identify the User.
7.1. The Service Provider applies technological and organisational means in order to secure the processed personal data corresponding to the threats and category of data to be secured, in particular, through technical and organisational means the Service Provider secures data against being published to unauthorised persons, taken over by an unauthorised person, processed in violation of the law and changed, lost, damaged or destroyed; among others the SSL certificates are applied. Users’ and Recipients’ personal data are collected and stored on a secured server, moreover, the data are secured by Service Provider’s internal procedures related to the processing of personal data and information security policy.
7.2. The Service Provider has also implemented appropriate technical and organisational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects.
7.3. At the same time, the Service Provider states that using the Internet and services provided by electronic means may pose a threat of malware breaking into User’s teleinformatic system and device, as well as any other unauthorised access to the User’s data, including personal details, by third parties. In order to minimise such threats, the User should use appropriate technical security means, e.g. using updated antivirus programs or programs securing identification of the User in the Internet. In order to obtain detailed and professional information related to security in the Internet, the Service Provider recommends taking advice from entities specializing in such IT services.
8.1. In order to ensure correct operation of the Platform, the Service Provider uses cookie support technology. Cookies are packages of information stored on the User’s device through the Platform, usually containing information corresponding to the intended use of a particular file, by means of which the User uses the Platform – these are usually: address of the website, date of publishing, lifetime of a cookie, unique number and additional information corresponding to the intended use of the particular file.
8.2. The Website uses two types of cookies: (a) session cookies, which are permanently deleted upon closing the session of User’s browser; (b) permanent cookies, which remain on User’s device after closing the session until they are deleted.
8.3. It is not possible to identify the User on the basis of cookie files, whether session or permanent. The cookie mechanism prevents collecting any personal data.
8.4. The cookies used on the Platform are safe for User’s device, in particular they prevent viruses or other software from breaking into to the device.
8.5. Files generated directly by the Service Provider may not be read by other websites. Third-party cookies (i.e. cookies provided by entities co-operating with the Service Provider) may be read by an external server.
8.6. The User may individually change the cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service.
8.7. First of all, the User may disable storing cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Platform.
8.8. The User may also individually remove cookies stored on his/her device at any time in accordance with the instructions of the browser producer.
8.9. The Service Provider uses own cookies for the following purposes: authentication of the User on the Website and preserving User’s sessions; configuration of the Platform and adjustment of page content to the preferences or conduct of the User; analysis and research of views, click number and path taken on the website to improve the appearance and organisation of content on the website, time spent on the website, number and frequency of visits on the Website, as well as display of appropriate content by external partners providing affiliation services.
8.10. We use third-party cookies for the following purposes: preparing statistics (anonymous) for the purposes of optimising functionality of the Platform by means of analytic tools such as Google Analytics; using interactive functions by means of social networks, in this facebook.com, instagram.com.
8.11. Details concerning cookie support are available in the settings of the browser used by the User.