Privacy Policy

BASIC INFORMATION ABOUT THE ADMINISTRATOR

  1. This Privacy Policy (hereinafter referred to as the “Policy”) specifies how we use and process the personal data of users using the website or user accounts created on the Esteamate.co website (hereinafter referred to as the “Users”). The Policy also contains information about the cookies used on our website.
  2. The administrator of your personal data is DIGITAL LEGAL Spółka z ograniczoną odpowiedzialnością with its registered office in Gdynia (registered office address and delivery address: ul. Starowiejska 16/1, 81-356 Gdynia), e-mail address: [email protected] (hereinafter referred to as the “Administrator”).
  3. The Administrator has appointed a Personal Data Protection Inspector, whom you can contact at the e-mail address: [email protected].
  4. The services available on our Website cannot be used by children under 16 years of age, therefore we do not envisage the intentional collection of their personal data.

DEFINITIONS

  1. Personal data is any information relating to an identified or identifiable natural person (including those conducting business activities). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
  2. Sensitive personal data – special categories of data specified in art. 9 of the GDPR, including: data revealing racial or ethnic origin, political opinions, religious or ideological beliefs, trade union membership; genetic data, biometric data processed for the purpose of unambiguously identifying a natural person; data concerning the health, sexuality or sexual orientation of a person; as well as personal data concerning convictions and violations of law, referred to in art. 10 of the GDPR.
  3. User – means any person using the Service who has set up a user account on the Service.
  4. Data Protection Inspector (Inspector) – a person appointed by the Personal Data Administrator pursuant to art. 37 of the GDPR, who performs the tasks of monitoring compliance with the provisions on personal data protection in DIGITAL LEGAL Sp. z o. o., specified in art. 39 of the GDPR.
  5. Data Recipient – ​​an entity to which personal data are made available.
  6. Authorized Person – a person authorized to process personal data by the Personal Data Administrator or a person authorized by him, who has direct access to personal data processed in the IT system.
  7. Processing Entity – an entity to which DIGITAL LEGAL Sp. z o. o. entrusts the processing of personal data on its behalf.
  8. Service – the Esteamate.co application with all the functionalities provided.
  9. Profiling – means any form of automated processing of personal data, which involves the use of personal data to assess certain personal factors of a natural person, in particular to analyse or forecast aspects concerning the performance of that natural person’s work, their economic situation, health, personal preferences, interests, credibility, behaviour, location or movements, and this assessment serves the marketing purposes of the Personal Data Administrator.
  10. Processing of personal data – an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as: collecting, recording, organising, arranging, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, distributing or otherwise making available, matching or combining, limiting, deleting or destroying.
  11. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  12. Consent to data processing – voluntary, specific, conscious and unambiguous expression of will by which the data subject, in the form of a declaration or a clear confirmatory action, consents to the processing of personal data concerning him or her.

BASIC INFORMATION ON PERSONAL DATA PROCESSING

  1. When you use the Service, we track information about your activity on our Service. This information includes the features you use, the links you click on, the dates and times you access the website, the type, size and names of the files you upload, the keywords you search for, the progress of your team and the way you interact on the Service. We also collect information about the teams and people you work with and how you work with them, for example who you most often collaborate with and communicate with on the Service.
  2. When you are active on the Service, we collect information about your computer, phone, tablet or other devices you use to use the Service. Information about the aforementioned devices includes the type and settings of the connection during installation, access, update or use of our Service. We also collect information about your device, such as operating system, browser, IP address, referring/exit URLs, device identifiers and crash data. We use IP address and/or country preference to approximate your location and provide you with a better experience using the Service. The scope of this information depends on the type and settings of the device you are using to access the Service.
  3. Administrators of server services and data centers may disable the collection of information referred to in points 1 and 2 above through administrator settings or prevent its transmission to us by blocking transmission at the local network level.
  4. We also receive information about you from other users of the Service or third parties, from affiliated companies, social media platforms, publicly available databases and from our business and channel partners. We may combine this information with data we collect through other methods described above.
  5. We receive information about you when you or your data controller integrates third-party applications or connects a third-party service to our Services, including information about your activities on and off the Service that we obtain from third-party partners, such as advertising and market research partners, who provide us with information about your interest in and engagement with the Service and interest in online advertising.
  6. We also receive information about you from third-party business information providers and publicly available sources (such as social media platforms), including information about postal addresses, job titles, email addresses, telephone numbers, intent data (or user behavior data), IP addresses, and social media profiles, for the purposes of targeted advertising of products that may be of interest to you, personalised communications, event promotions, and profiling.
  7. The Administrator processes the above-mentioned personal data in order to ensure the use of the full functionality of the Service and to present the offer of products and services on the Service (including for marketing purposes carried out by the Administrator on the basis of agreements with third parties), as well as to determine, pursue or defend against claims related to the use of the Service or the processing of personal data.
  8. The User’s personal data will also be processed for the purpose of settlement (issuing a VAT invoice or bill) for the use of paid versions of the service
  9. The User’s account data is processed in electronic form, after being automatically entered into the Administrator’s databases.
  10. As the Administrator, we process your personal data as a User of our Website on the basis of:
    a) art. 6 sec. 1 letter b) GDPR in order to enable the conclusion of a contract and the provision of the service electronically, as well as the proper performance of this service,
    b) art. 6 sec. 1 letter f) GDPR in order to ensure you can use the full functionality of our Website, which results from our legitimate interest, and in order to learn about your interests and improve our services, which results from our legitimate interest,
    c) Art. 6 sec. 1 letter f) GDPR in order to establish, pursue or defend against claims related to the use of our Website or the processing of the User’s personal data, which results from our legitimate interest,
    d) Art. 6 sec. 1 letter c) GDPR in order to comply with our legal obligations under EU law or Polish law – because processing is necessary to comply with legal requirements to which we are subject.
  11. The User has the right to withdraw consent to the processing of his/her personal data processed on the basis of previously expressed consent or to delete the User’s account from the nordiblinds.com service at any time. Operations on personal data carried out until the withdrawal of consent to their processing or until the User’s account is deleted from the Service remain in accordance with applicable law.
  12. Personal data will be processed until the User withdraws consent to their processing or until the User’s account is deleted from the nordiblinds.com service. Personal data processed for the purpose of performing an agreement for the provision of services on the Service or for the purpose of fulfilling the obligations incumbent on the Administrator or for the purpose of protection against claims will be processed until the expiry of the limitation period for claims or the expiry of the period during which, in accordance with the provisions of generally applicable law, the Administrator is obliged to store documentation related to the performance of the agreement with the User.
  13. The Administrator informs that in the event of deletion of the User’s account, the data made available on the Service by the User will be deleted from it after 14 days from the date of deletion of the account. After this time, it will not be possible to restore the data saved in the User’s account on the nordiblinds.com website
  14. After the withdrawal of consent, the User’s personal data processed on the basis of consent and not subject to processing on any other basis and for any other purpose than the one referred to in point 5 above, are subject to complete removal from all the Administrator’s databases
  15. Providing personal data by the User is voluntary, however, in the event of failure to provide personal data necessary to use the User’s account on the Website, the functionalities available on the nordiblinds.com website or withdrawal of the previously expressed consent to the processing of data in the scope indicated above, the User will not be able to use the account, the Website and all functionalities on the Esteamate.co website
  16. The recipients of the User’s personal data will be authorized employees of the Administrator or other persons with whom the Administrator cooperates as part of the conducted business activity in the implementation of services provided via the Website, persons responsible for maintaining IT systems and IT support, including entities responsible for Microsoft software, Google Drive, persons implementing products on the website, authorized entities providing service accounting.
  17. Data provided by the User will be subject to profiling. Profiling will be carried out in an automated manner, using Google Tag Manager, Google Analytics, Hot Jar, Facebook Meta tools. Profiling will consist in adapting and sending to the User a commercial offer or marketing content, tailored to the needs, expectations, preferences of the User established on the basis of the personal data provided by him, as well as based on, among others, information about the User’s behavior on the Service, clicks on elements of the website and the Service, dates and times of entry.
  18. The Data Administrator has no intention of transferring personal data to a third country or an international organization.