I. The present Regulations have been prepared based on the legal provisions in force in the territory of the Republic of Poland and define the rules for the functioning of Verseo sp. z o.o. sp. k. [Ltd. LP] webpages; henceforth the ‘webpages’.
The Regulations define the responsibilities and the scope of responsibilities of the websites as the managing and leading entity.
- The website administrator is Verseo spółka z ograniczoną odpowiedzialnością spółka komandytowa [Ltd. LP] seated in Plewiska Grunwaldzka 515B /5 street, 62 – 064 Plewiska, entered into the register of enterprises of the National Court Register kept by the District Court for Poznań – Nowe Miasto and Wilda in Poznań Business Division of the National Court Register No. VIII, under KRS: 0000596164, NIP: 7773257986, Regon: 36348873.
- The author of the text and graphic content of the websites is: Verseo sp. z o.o. sp.k. and their business partners.
- The websites and all of their components are protected by law,
especially Act of 4 February 1994 On Copyright and Related Rights (O J 2000 No. 80
item 904 with later. amendments) and Act of 16 April 1993 On combating unfair
competition (O J 1993 No. 47 item 211 with later. amendments.
- The authors of the posted text and graphic content do not consent to any kind of publication or altering of the content (publishing houses, publications, presentations, Internet sites and others, covered by the Act
on Copyright and Related Rights) without their written consent.
- In the case of unlawful use (irrespective of whether the activities related to the use of graphics and content were commercial or non-commercial), both the website Owner and their graphic designers will take legal steps to enforce their rights covered in the Copyright and Related Rights Act.
- The user has a right to use the entirety of the content published on the Internet websites as long as the copyright is not being infringed. No parts of the website shall be used for commercial purposes without the Owner’s prior consent.
- The website Owner and its authors are not responsible for any moral and financial losses incurred as a result of using the content posted on websites.
- The websites use ‘Cookies’ which serve for the purpose of identifying the Internet browser while using the website. The Cookies do not collect personal data of any kind. What is being collected is, for example, the user’s browser type, time spent on the page, etc. The Cookies are used for statistical analysis of particular websites.
- The commercial offer presented on the websites does not constitute an offer within the meaning of the provisions of the Civil Code Article 66(1) and other applicable provisions of law. The character of each of the websites is solely informative.
II. Personal data protection
- The personal data are processed by Verseo in compliance with the rules of Regulations(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (henceforth:GDPR), and also other legal provisions regulating the natural persons personal dataprotection.
- The personal data collected by all kinds of forms posted on Verseo Internet websites
covering such information as, among others, name,
surname, contact number, e-mail address, company name are only used for client
identification, establishing commercial contact, distributing free content prepared by Verseo, Verseo service quote estimation, maintaining commercial negotiations with the client and possibly signing and implementing an agreement. Should the Client consent, the provided personal data will be used by Verseo for marketing purposes of own goods and services or marketing of goods and services of third parties, and monitoring of the Company webpage’s traffic
- Personal data collected via all kinds of question forms posted on Verseo websites shall be processed by Verseo over a timeframe required to provide the Clients free content or Verseo service quote estimation, and the commercial negotiations leading to signing of agreement (however, not longer than for a year after you have received the Company’s commercial offer), and further for the duration of fulfilment of the agreement, and also for the time when Verseo sp. z o.o. sp. k. [Ltd. LP]. is obliged to keep sales documents.
- The personal data collected by all kinds of forms posted on Verseo Internet websites are processed based on the person’s consent Article 6(1)(a) of GDPR, and also Article 6(1)(b) of GDPR, i.e., their processing is necessary for fulfilment of an agreement, where the personal data subject is one of the parties, or to undertake actions on the data subject’s demand, before entering into an agreement.
- The personal data processing consent may be revoked by the Client at their discretion. Revoking the consent does not invalidate the data processing carried out by Verseo before the revocation. Your consent may be revoked by sending an e-mail to: email@example.com, containing an appropriate statement, the example of which is presented below:
‘working on behalf of (subject’s name) seated in (the address of the company seat) as (the position of the person giving the statement and the grounds for authorisation of subject’s representation)/ or Me – name, surname, address of residence – I hereby revoke the personal data processing consent given to Verseo sp. z o.o. sp. k. [Ltd. LP] seated in Plewiska’.
- Recipient categories, to which the personal data of Verseo Clients maybe disclosed by Verseo are: the employees, Verseo associates, accounting office, law firms, national debt registers. All of these persons have been trained in appropriate personal data processing by Verseo, and have obliged to process them in a manner that guarantees the highest degree of the data safety.
- Verseo sp. z o.o. sp.k. does not and will not transfer your data to recipients in third countries or international organisations.
- Verseo processes personal data of the Clients via computer systems
and software that provides the safest degree of personal data processing (such as,
among others, encryption and anonymization of the information sent, periodical
system password changes). Verseo processes the personal data of their Clients outside the IT system via technical and organisational measures which provide the highest degree of personal data protection security.
- Personal data subject, has the right to access his or her data, to rectification, to erasure (the right to be forgotten), to restrict processing, to data portability, to revoke the consent at this or her discretion, without affecting the validity of the processing that would have been carried out before the revocation of consent.
- The data subject has a right to object to personal data processing by Verseo. The objection shall be lodged to: firstname.lastname@example.org.
- Should a data subject consider that Verseo processes his or her data in violation to the provisions of the personal data protection Regulations, he or she has a right to lodge a complaint to GIODO, or later, once personal data protection Regulations come into force, PUODO.
- Verseo established a data protection officer, who is available via tel. nr: + 48 534 008 812 and e-mail address email@example.com.
- In the case of personal data breach Verseo shall without undue delay,
where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority – (GIODO, and after May 25th
2018, PUODO), unless the breach is unlikely to result in a risk to the rights and
freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, Verseo shall accompany it with reasons for the delay. Should the personal data breach result in high risk to the rights and freedoms of natural persons, Verseo shall without undue delay notify the personal data subject about that risk.
III. Principles for the processing of personal data by the Controller (Verseo)
Verseo shall adhere to the following personal data processing principles:
- Fairness, lawfulness and personal data transparency rule, according to whichprocessing of personal data by Verseo should be lawful and fair, and transparent to the personal data subjects.
- Restriction of the processing purposes– Verseo collects the data
in a manner adequate and relevant to their processing purpose. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be considered Verseo to be compatible lawful processing operations.
- Data minimisation–Verseo processes the data relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy of processing- Verse shall only process personal data that are accurate and where necessary, kept up to date. Verseo will take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Purpose and time storage limitation –Verseo keeps the data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Verseo may store the personal data for longer periods insofar as the personal data will be processed solely for statistical purposes. Verseo shall implement the appropriate technical and organisational measures required in order to safeguard the rights and freedoms of the data subject.
- Ensuring the integrity and confidentiality of the data processing– processed in a manner that ensures appropriate security of the personal data,
including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Accountability principle–Verseo shall be responsible for, and be able to demonstrate compliance with the principles of data processing shown above, points 1 through 6. Verseo shall implement appropriate technical and organisational measures, which provide the highest degree of safeguarding personal data processed by Verseo, in compliance with the principles listed above.
IV. Information to be provided by the Controller
Whether Verseo collects the data from the data subject or from other sources, the Regulations(GDPR) require Verseo to provide separate information accordingly.
Information to be provided by the Controller both where the data are collected from the data subject and indirectly:
- The identity and the contact details of the controller and the identity and contact details of the controller’s representative.
- The contact details of the data protection officer, where applicable.
- The purposes of the processing for which the personal data are intended as well as the legal basis for the processing.
- The recipients or categories of recipients of the personal data.
- Where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation.
- The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period.
- The rights of data subjects.
- The right to lodge a complaint with a supervisory authority (where full name and address of the authority is provided).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.
- The existence of automated decision-making, including profiling.
- When the controller intends to further process the personal data for a purpose other than that for which the personal data were collected originally:
Information to be provided by the Controller when the data were collected not from the data subject (i.e., indirectly)
Verseo, in such case, has to additionally inform the data subject about:
- The categories of personal data concerned, therefore the categories of processed data, such as name, surname, address, date of birth, etc.
- From which source the personal data originate, and if applicable, whether it came from publicly accessible sources.
The conditions when the information does not have to be provided by controller who acquired the data indirectly
The controller who acquired the data indirectly does not have to provide the information, in the case and scope when:
- The data subject already has the information;
- provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- obtaining or disclosure is expressly laid down by Union or Member State law to which the controller is subject and which provides appropriate measures to protect the data subject’s legitimate interests; or
- Where the personal data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.
V. Transparent communication between the Controller and the data subject (Article. 12 GDPR):
- Verseo shall in a concise, transparent, intelligible and easily accessible form, using clear and plain language – in particular for any information addressed specifically to a child – provide the data subject all information covered by Articles 13 and 14 of GDPR, and communicate in compliance with Articles 15 to 22 and 34 of GDPR. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
- Where Verseo demonstrates that it is not in a position to identify the natural person who requests exercise of his or her rights, covered by Article. 15 to 21 of GDPR, it may demand further information necessary to identify the personal data subject.
The period for Controller’s provision of information
- Where the data were collected from the data subject, all of the information above shall be provided during the data acquisition.
- Where the data were collected indirectly, the information shall be provided within the following periods:
- Within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
- If the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or
- If a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
VI. Responsibility of the Controllertaking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, Verseo has implemented appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with GDPR. Those measures are reviewed and kept up to date on a twice per year basis. The responsibilities of Verseo as the controller directly as a result of GDPR are especially:
- Data protection by design and by default – in order to comply with this requirement, Verseo has implemented appropriate technical and organisational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the highest level of protection of the rights of data subjects.
- Entrusting data processing based on a written agreement–Verseo uses solely the services of such processors who guarantee adequate implementation of technical and organisational means so as to safeguard the rights of the data subjects. Processing by a processor shall be governed by a contract or other legal act, under Union or Member State law, that is binding on the processor with regard to Verseo and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
- Records of processing activities. The controller shall maintain a record of processing activities The record of processing activities is maintained by Verseo in electronic form and is kept up to date. Verseo shall make the record available to the supervisory authority on request.
- Security of processing Verseo has implemented and uses the following technical and organisational measures, to ensure minimal risk of personal data breach:
- the pseudonymization and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- Notification of a personal data breach to the supervisory authority. In the case of personal data breach, Verseo shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, Verseo shall accompany it with reasons for the delay. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
- Data protection impact assessment. Where type of processing n particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, Verseo shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
- Conducting prior consultations. Verseo shall consult the supervisory authority prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by Verseo to mitigate the risk.
VII. Processing of children’s data
By default, all Verseo’s actions are directed to adults, who are free to make their own decisions or influence the decision-making. If the holders of parental responsibility are aware of the fact that the child filled out the form available on the Verseo websites, we would kindly ask for contact with Verseo for the purpose of erasing these data from the database, or to revoke the consent by sending an appropriate e-mail to: firstname.lastname@example.org.
VIII. The rights of Verseo website users
The subject of personal data:
- has the right to obtain from Verseo confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information covered in Article 15 of GDPR,
- has the right to obtain from Verseo without undue delay the rectification of inaccurate personal data concerning him or her. (Article 16 of GDPR),
- has the right to obtain from Verseo the erasure of personal data concerning him or her without undue delay under specific circumstances (Article 17 of GDPR),
- has the right to the right to obtain from Verseo restriction of processing under specific circumstances (Article 18 of GDPR),
- has the right to receive the personal data concerning him or her, which he or she has provided Verseo, in a structured, commonly used and machine-readable format, and,
- has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Article 20 of GDPR),
- has the right to object processing of his or her data (Article 21 of GDPR),
- has the right not to be subject to a decision based solely on automated processing, including profiling, (Article 22 of GDPR).
The controller allows the exercise of the data subject’s rights based on the provisions of the Union’s personal data protection Regulations.