Privacy Policy

  • This Privacy Policy defines the rules for processing of the personal data obtained by the optimatis.pl website (hereinafter referred to as the “Website”).
  • The Owner of the Website and at the same time the data administrator is Optimatis Sp. z o.o. with the registered address in Warsaw (zip-code: 02-387) at Lirowa Str., 13, having the Polish Tax Identification Number (NIP): 8992683287 and the National Economy Register Number (REGON): 021098511, hereinafter referred to as Optimatis.
  • Personal data collected by Optimatis via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of the personal data and the free movement of such data, and repealing Directive 95/46/WE (General Data Protection Regulation) also knows as GDPR.
  • Optimatis takes particular care to respect the privacy of Users visiting the Website.

1 Type of processed data, purposes and legal bases

 

Optimatis collects information regarding natural persons performing legal actions not related directly with their business activity, natural persons conducting business or professional activities on their own behalf and natural persons representing legal persons or organizational units that aren’t legal persons, but having a legal capacity granting by the law and running business or professional activities on their own behalf , hereinafter referred to as Users.

Personal data of Users are collected in case of:

  1. subscription to an information bulletin (Newsletter), for the purpose of contract fulfilment, the subject of which is a service provided in electronic form. Legal basis is a consent of the person, whose data it concerns, for the fulfilment of the contract for the Newsletter service provision (Article 6(1)(a) of GDPR);
  2. using the contact form service for the purpose of electronically provided contract fulfilment. Legal basis is a necessity to fulfil the contract for contact form service provision (Article 6(1)(b) of GDPR);

In case of using the Newsletter service, the User provides the following data:

  1. e-mail address;

In case of using the contact form service, the User always provides the following data:

  1. e-mail address;
  2. name and surname;
  3. phone number.

And optionally, depending on the service type the contact form concerns:

  1. number of company employees;
  2. his website.
  • When using the Website, additional information can be collected, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
  • Navigational data may also be collected from Users, including information about links and references they decide to click or other activities undertaken on our Website. Legal basis – legitimate interest (Article 6(1)(f) of GDPR), consisting in facilitating the use of services provided electronically and in improving the functionality of these services.
  • For the purpose of establishing, investigating, and enforcing claims, some personal data provided by the User as part of using the functionality on the Website may be processed, such as: name, surname, data regarding the use of services, if the claims arise from the way the User uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest (Article 6(1)(f) of GDPR), consisting of establishing, investigating, and enforcing claims and defending against claims in proceedings in courts and before other state authorities.
  • Providing personal data to Optimatis is voluntary, in connection with concluded sales contracts or the services provision via the Website.

2 Who is the data shared or entrusted with and how long are the data stored?

 

  1. The User’s personal data are transferred to service providers, which Optimatis uses to run the Website. Service providers receiving personal data, depending on contractual arrangements and circumstances, either follow Optimatis’ instructions regarding the purposes and methods of processing such data (data processors) or independently determine the purposes and methods of processing such data (administrators).
    1. Data processors. Optimatis uses providers who process personal data solely on the instructions of Optimatis. These include, among others: hosting providers, accounting services, marketing systems providers, The Website traffic analytics systems providers, marketing campaigns’ efficiency analytics systems providers;
    2. Optimatis uses providers who do not act solely on instructions and determine the purposes and methods of using Users’ personal data themselves. They provide banking and electronic payment services.
  2. Service providers are mainly based in Poland and other countries of the European Economic Area (EEA).
  3. Users’ personal data are stored:
    1. If the basis for the personal data processing is a consent, then the User’s personal data are processed by Optimatis until the consent is withdrawn, and after the consent is withdrawn, for a period of time corresponding to the limitation period for claims that may be raised by or against Optimatis. Unless a special provision states otherwise, the limitation period is ten years, and three years for claims for periodic benefits and claims related to business activities.
    2. If the basis for data processing is the fulfilment of a contract, then the User’s personal data are processed by Optimatis for as long as it is necessary to fulfil the contract, and after that for a period corresponding to the limitation period for claims. Unless a special provision states otherwise, the limitation period is ten years, and three years for claims for periodic benefits and claims related to business activities.
  4. Navigation data may be used to provide Users with a better service, statistics’ analysis and to adapt the Website to Users’ preferences, as well as to administer the Website.
  5. If the User subscribes to the information bulletin service (Newsletter), Optimatis will send electronic messages containing commercial information about promotions and new products available on the Website to the User’s e-mail address.
  6. If a request is made, Optimatis provides personal data to authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Personal Data Protection Office, the President of Competition and Consumer Protection Office or the President of Electronic Communications Office.

3 Cookies mechanism, IP address

 

  1. The Website uses small files called cookies. They are stored by Optimatis on the end device of the person visiting the Website, in case the web browser allows it. A cookie usually contains the name of the domain it comes from, its „expiration time” and an individual, randomly selected number identifying the file. Information collected through such files helps to customize the products offered by Optimatis to the individual preferences and actual needs of the persons visiting the Website. They also allow to create general statistics on visits to the presented on the Website products.
  2. Optimatis uses two types of cookies:
    1. Session cookies: after the certain browser session is over or the computer is switched off, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from the Users’ computers.
    2. Persistent cookies: they are stored in the memory of the User’s end device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow downloading any personal data or any confidential information from the Users’ computer.
  3. Optimatis uses its own cookies for:
  4. analysis and research, as well as viewers’ audits, in particular for creating anonymous statistics that help understand how Users use the Website, enabling the improvement of its structure and content.
  5. Optimatis uses external cookies for:
  6. popularizing the Website using the social media service Facebook.com (external cookies administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland);
  7. popularizing the Website using the social media service Facebook.com (external cookies administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland);
  8. presenting on the informational pages of the Website a map, indicating the location of the Optimatis office, using the Google.com internet service (external cookies administrator: Google Inc. based in the USA);
  9. researching the behaviour of people visiting the Website via the Hotjar tool (external cookies administrator: Hotjar Ltd. based in Malta);
  10. presenting advertisements specified to the User’s preferences, using the Google Ads online advertising tool (external cookies administrator: Google Inc. based in the USA).
  11. The cookies mechanism is safe for the computers of the Website Users. In particular, it is not possible to get viruses or other unwanted or malicious software to Users’ computers in this way. Nevertheless, the Users have the option of limiting or disabling an access to cookies in their browsers on their computers. On applying of this option, the use of the Website will remain possible with the exception of functions that by their nature require cookies.
  12. How to change cookies settings in popular web browsers is shown below:
  13. Internet Explorer browser;
  14. Microsoft EDGE browser;
  15. Mozilla Firefox browser;
  16. Chrome browser;
  17. Safari browser;
  18. Opera
  1. Optimatis may collect Users’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Website by the Internet service provider. The IP number enables access to the Internet. In most cases, it is dynamically assigned to the computer, meaning it changes with each Internet connection, and is, therefore, commonly treated as a non-personal identifying information. The IP address is used by Optimatis when diagnosing technical problems with the server, creating statistical analyses (e.g. determining from which regions the highest numbers of visits are notified), as information useful in administering and improving the Website, as well as for security purposes and potential identification of server overloads, unwanted automatic programs for viewing the content of the Website.
  2. The Website contains links and references to other websites. Optimatis doesn’t bear any responsibility for the privacy policies applicable on those websites.

4 Rights of the individuals whose data are processed

 

  1. The right to withdraw consent – legal basis: Article 7(3) of GDPR.
    1. The User has the right to withdraw any consent given to Optimatis.
    2. The withdrawal of consent takes effect from the moment of withdrawal.
    3. The withdrawal of consent does not affect the processing carried out by Optimatis in accordance with the law before its withdrawal.
    4. The withdrawal of consent does not entail any negative consequences for the User, however, it may prevent further use of services or functionalities that, in accordance with the law, Optimatis can provide only with consent.
  1. The right to object to data processing – legal basis: art. 21 GDPR.
    1. The User has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if Optimatis processes his data based on a legitimate interest, e.g. marketing of Optimatis products and services, conducting statistics on the use of specific functionalities of the Website and facilitating the use of the Website, as well as conducting satisfaction surveys.
    2. Resignation by e-mail from receiving marketing messages regarding products or services will signify the User’s objection to the processing of his personal data, including profiling for these purposes..
    3. If the User’s objection turns out to be justified and Optimatis has no other legal basis for the processing of personal data, the User’s personal data, to the processing of which the User has objected, will be deleted.
  1. The right to delete data (“right to be forgotten”) – legal basis: Article 17 of GDPR.
  1. The User has the right to request the deletion of all or some personal data.
  2. The User has the right to request the deletion of personal data if:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
  • the User withdrew a specific consent to the extent that personal data were processed based on his consent;
  • the User objected to the use of his data for marketing purposes;
  • personal data are processed unlawfully;
  • personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which Optimatis is a subject;
  • personal data have been collected in relation to the offer of information society services.

Despite the request for deletion of personal data in connection with objection or withdrawal of consent, Optimatis may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfil a legal obligation under Union law or the law of the Member State to which Optimatis is a subject. This applies in particular to personal data including: name, surname, e-mail address, which are kept for the purposes of considering complaints and claims related to the use of Optimatis services, or additionally the address of residence/correspondence address, order number, which are kept for the purpose of considering complaints and claims related to concluded sales contracts or the provision of services.

  1. The right to limit data processing – legal basis: Article 18 of GDPR.
    1. The User has the right to request restriction of the processing of his or her personal data. Submitting such a request, until it is considered, prevents the use of certain functionalities or services that involve the processing of the data covered by the request. Optimatis will also refrain from sending any communications, including marketing messages.
    2. The User has the right to request restriction of the use of personal data in the following cases:
  • when the User contests the accuracy of his personal data – in this case, Optimatis restricts their use for the time needed to verify the accuracy of the data, but no longer than 7 days;;
  • when data processing is unlawful and instead of deleting the data, the User requests restriction of their use;
  • when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the User to establish, pursue or defend claims;
  • when  the User has objected to the use of his data –  in this case, the restriction lasts for the time needed to consider whether, due to the User’s specific situation, the protection of the User’s interests, rights and freedoms outweighs the interests pursued by the Administrator when processing the User’s personal data.
  1. The right of access to data – legal basis: Article 15 of GDPR.
    1. The User has the right to obtain a confirmation from the Administrator, whether the personal data are being processed, and if so, the User has the right to:
  •  gain an access to his personal data;
  • obtain information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of the User’s data or about the criteria for determining this period (when determination of the planned period of data processing is not possible), about the User’s rights under the GDPR and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the safeguards used in connection with the transfer of this data outside the European Union;
  • obtain a copy of his personal data.
  1. The right to rectification of data – legal basis: Article 16 of GDPR.
    1. The User has the right to request the Administrator to immediately correct any inaccuracies of his personal data. Taking into account the purposes of the processing, the User whose data are concerned has the right to request the completion of incomplete personal data, also by submitting an additional statement and sending a request to the e-mail address in accordance with §6 of the Privacy Policy.
  2. The right to data portability – legal basis: Article 20 of GDPR.
    1. The User has the right to receive his personal data that he provided to the Administrator and then send them to another personal data administrator of his choice. The User also has the right to request that personal data be sent by the Administrator directly to such an administrator, if it is technically possible. In such a case, the Administrator will send the User’s personal data in the form of a file in the CSV format, which is a commonly used machine-readable format that allows the received data to be sent to another personal data administrator.
  3. If the User exercises the right resulting from the above rights, Optimatis complies with the request or refuses to comply with it immediately, but no later than within one month after receiving it. However, if due to the complexity of the request or the number of requests, Optimatis will not be able to fulfil the request within a month, it will fulfil it within the next two months by informing the User in advance, within one month of receiving the request, about the intended extension of the deadline and its reasons.
  4. The User may submit to the Administrator complaints, inquiries and requests regarding the processing of his personal data and the exercise of his rights.
  5. The User has the right to request that Optimatis provides copies of standard contractual clauses, directing the inquiry as specified in §6 of the Privacy Policy.
  6. The User has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding a violation of his rights to personal data protection or other rights granted under the GDPR.

5 Security management – password

 

  1. Optimatis provides Users with a secure and encrypted connection when sending personal data and when logging in to the User’s account on the Website. Optimatis uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data transmitted over the Internet.
  2. Optimatis never sends any correspondence, including electronic correspondence, asking for login details, especially the access password to the User’s account.

6 Privacy Policy changes

 

  1. The Privacy Policy may be a subject to change, of which Optimatis will inform Users in advance, with a notice period of 7 days.
  2. For any questions related to the Privacy Policy, please, contact us at: optimatis@optimatis.pl
  3. Date last modified: February 28, 2023.

Privacy Policy

 

Copyright © 2023 Optimatis