This Policy is aimed at informing users of the www.virtusity.com website (the Website) (the Users) about purposes of and legal bases for processing personal data on the Website, the manner of using the data and about related rights available to the Users. The Users’ personal data are always processed in conformity with applicable laws, including in particular pursuant to the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR).
Who is the Controller?
The Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP) 5170312965, Industry Id. No. (REGON) 180526627 (the Controller). Contact address: firstname.lastname@example.org. Data subjects can contact the Controller also otherwise as preferred.
Purposes of, and legal bases for, processing of personal data
- E-mail correspondence:
Personal data are processed to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). Personal data are provided on a voluntary basis, but the provision thereof is necessary to receive a reply from the Controller. In such a case, personal data are processed due to the Controller’s legitimate interests. The Controller’s legitimate interests consist in communicating with an individual who requests of the Controller to provide an answer.The correspondence may be conducted for many reasons which are hard to categorize. The messages may be sent as a result of organizing various events, existing or possible contracts, technical advice, financial settlements, etc.
- Conclusion and performance of an agreement:
Personal data are processed in order to take up activities, at the User’s request, prior to the conclusion of an agreement (e.g. to submit an offer) and to perform an agreement (Art. 6.1.b of the GDPR). Providing personal data is necessary for an agreement to be concluded; if they are not provided, it shall be impossible to conclude an agreement;
- Direct marketing of own services, pursuit of and protection against legal claims, fraud prevention, statistics and analytics, ensuring ICT environment security, and application of internal control systems:
Personal data are processed to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). The Controller’s legitimate interest consists in a possibility to undertake the aforementioned activities;
- Financial settlements:
Personal data are processed in order to comply with the Controller’s legal obligations resulting in particular from accounting policies and tax related regulations (Art. 6.1.c of the GDPR). The provision of personal data is a statutory requirement.
Recipients of personal data:
Personal data may be processed by the Controller’s service providers rendering, among others, financial settlements, legal, advisory, consulting, audit, marketing, archiving, IT, courier, postal services, and by the entities from the Virtus Lab Group. The Users’ data will not be shared with any other third parties, unless this proves necessary and the User consents thereto or a data disclosure obligation results from mandatory rules of law, a final and non-appealable court judgment or a final decision of a relevant body. On the Website, there can be references to other webpages. The Controller shall not be liable for the processing of personal data connected with the use of these webpages by the User. Having moved to the other webpages, the User should first consult their privacy policies and personal data protection procedures. The Controller shall not transfer personal data to any third parties outside the EEA or to any international organisations unless this proves necessary. The personal data will be transferred only if the entities comply with GDPR requirements.
What does profiling involve and are any data on the Website subject to profiling?
Data on the Website is not subject to profiling. In the event that, in connection with the development of the Website, personal data were to be profiled, the Controller will inform Users about it, and profiling will be carried out in accordance with the relevant provisions of law. In the event of profiling, the Controller will implement appropriate measures to protect the rights, freedoms and legitimate interests of Users, including the possibility of human intervention on the part of the Controller, as well as the possibility of expressing his own opinion and questioning the decision.
How can personal data be changed?
The User has the right of access to content of their personal data and the right of rectification and erasure of the personal data, the right to restrict processing of the data, the right to data portability and the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Further, the User has the right to object to processing of their personal data, including in particular to profiling. To this end, the User can contact the Controller at the e-mail address: email@example.com. The User can contact the Controller also otherwise as preferred.
How does the Controller protect personal data?
The Controller protects the Users’ data against unauthorised access, disclosure, change or destruction. In particular, the Controller makes use of data encryption, physical security measures and verification in IT systems. Further, the Controller uses anti-virus software and firewalls. The Users’ data may be accessed exclusively by authorised individuals bound by confidentiality and subcontractors that have entered into personal data sub-processing agreements with the Controller.
How long will personal data be processed?
The Users’ data shall be processed for as long as the Users use the Website. In case of processing personal data:
- in connection with e-mail correspondence – personal data shall be processed for a period necessary to provide the User with an answer or until the User raises an effective objection. The correspondence may be one-time, regular or rare but with new messages every now and then. Therefore, it may be stored due to possible continuation of discussions. Current relevance of personal data is, however, checked at least once a year;
- prior to the conclusion of an agreement or in connection with the performance thereof, personal data shall be processed for the duration of an agreement performance term, and if an agreement has not been concluded – until either party resigns from concluding an agreement, regardless of a reason;
in case of financial settlements – personal data shall be processed for a period of five years from the end of a calendar year when a transaction has been conducted.
Personal data may also be processed upon the lapse of the indicated periods, until any potential legal claims are time-barred or for as long as is possible or required in compliance with applicable laws. In particular, if a processing period based on a given legal basis has expired, this shall not mean that personal data may not be processed based on another legal basis. Upon the lapse of a processing period, in the absence of any bases for processing, personal data shall be permanently deleted or anonymised.
Other data processing related rights of the Users
The Users have the right to file a complaint with the President of the Personal Data Protection Office if they consider that their personal data are processed in breach of mandatory rules of law.
This Policy and any amendments hereto shall apply as of the moment when they are published on the Website.
This Policy is aimed at informing users of the www.virtusity.com website (the Website) (the Users) about purposes of storing and gaining access to cookies in the Users’ terminal equipment and about options to set terms of storing or gaining access to the cookies through browser settings or service configuration. The Website’s controller (the Controller) might store the cookies in the Users’ terminal equipment and have access thereto.
What are cookies?
Cookies are information saved in text files sent by the Website to the User’s browser and resent by the User’s browser when the User re-visits the Website. The cookies are stored in the User’s terminal equipment (computer, laptop, smartphone). They are used to maintain the User’s session and to save other data so that the User does not need to enter the same information whenever they use the Website. Among other things, the cookies remember a website name, data of the User’s browser, unique settings and a period for which the data will be stored. Data saved in the cookies are not matched with individual Users of the Website.
What kind of cookies are used by the Website?
Session cookies – files stored in a browser’s memory until it is closed, required for the Website’s functionalities to operate correctly.
Permanent cookies – files stored in a browser’s memory for a specific period. Among other things, they guarantee the proper navigation and layout of the Website. A period for which these files are stored depends on a choice which the User can make in their browser settings. This type of the cookies allows for information to be passed to the Website whenever the Website is visited by the User.
Analytics cookies – files stored in a browser’s memory for the purposes of website traffic statistics and analytics. The analytics service is provided by Google Inc., as part of Google Analytics. Information obtained with the use of those tools is not shared with any entities other than Google and serves only to report the User’s interactions on the Website.
Who is the Controller of the Website?
The Website’s Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP) 5170312965, Industry Id. No. (REGON) 180526627. Contact address: firstname.lastname@example.org.
The User’s browser might by default allow for storing of the cookies. At any time, the User can set terms of storing and accessing data saved in the cookies, through browser settings. The cookies can be blocked; an option of storing the cookies can be restricted (e.g. by informing the User about installation of the cookies on a case-by-case basis) or access to the cookies can be limited; however, any blocking or restricting of the cookies may affect the Website’s quality or even prevent the proper display of the Website on the User’s terminal equipment. Detailed information on the options and manner of handling the cookies is available in browser settings. More information on cookies management is available in a given browser’s functionalities.
This Policy and any amendments hereto shall apply as of the moment when they are published on the Website.