Privacy and personal data processing policy at SEDIVIO
The principles of personal data protection are regulated by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR).
The administrator of your personal data
The administrator of personal data processed as described below is SEDIVIO S.A. with its registered office in Warsaw, ul. Okopowa No. 47, code 01-059, Warsaw, KRS: 0000480272 or a subsidiary of SEDIVIO S.A. with its registered office in Warsaw, i.e. Concept Masters sp. z o. o. with its registered office in Warsaw, ul. Okopowa, No. 47, apt. 23, 01-059 Warsaw, KRS: 0000856343, which is a party to the contract for the provision or receipt of services or the contacted entity (hereinafter: "SEDIVIO" or "we").
Type of personal data processed
In order to answer a question you have asked or to respond to an attempt to contact you, we may obtain access to your personal data: name and surname, e-mail address, telephone number. We use this data to contact you.
Personal data, such as name, surname, e-mail address, telephone number, company name or position held, are also collected and processed by us if you decide to voluntarily complete the surveys and forms provided by us.
When you visit our website, the IP address assigned to you is automatically recorded and then used to measure website traffic patterns and statistics. IP addresses are not stored at the individual level.
Who do we transfer personal data to?
We may transfer your personal data to our subcontractors - entities whose services we use to process data in order to achieve our goals.
Your personal data may be transferred to the following categories of recipients:
service providers supplying the Data Administrator with technical and organizational solutions enabling management of the Data Administrator's organization, including entities operating ICT systems or providing access to ICT tools for the data administrator (in particular ICT service providers, courier and postal companies),
providers of legal and advisory services and supporting the Data Administrator in pursuing due claims (in particular law firms);
companies from the SEDIVIO Group;
other entities and authorities to whom the Data Administrator is obliged or authorized to provide personal data on the basis of generally applicable provisions of law.
Transfer of data to third countries or international organizations
Some of our subcontractors may transfer your personal data outside the European Economic Area (EEA).
Due to the use of services by us, among others, Google Analytics, Facebook, LinkedIn, Your personal data may be transferred outside the EEA, including to the USA. Please be advised that the above entities are bound by standard contractual clauses (EU model clauses regarding the transfer of personal data between the Data Administrator and processors).
We encourage you to familiarize yourself with the data protection safeguards applied by the above-mentioned entities.
What is the purpose and legal basis for processing and the period of data storage
We process your personal data only for the purposes set out below and in accordance with the legal bases indicated below.
The data provided by you are stored only for the period necessary to achieve the specific purpose for which they were sent or for the purposes of compliance with the law. If the basis for data processing is necessary to conclude and perform the contract, your data is stored by the Administrator until its termination.
The personal data of persons designated for contact or otherwise involved in the performance of the contract on behalf of the client or contractor of the Data Administrator provided to the Administrator are processed for the period necessary to implement the legitimate interests of the Data Administrator.
The data storage period may be extended if the processing of your data proves necessary to establish or pursue claims or defend the Data Administrator against claims.
If you agree to the use of your personal data for marketing purposes, we will provide you with information of this nature until the consent is withdrawn.
You have the right to withdraw your consent at any time.
Purposes for which we process your personal data:
answering the question you asked; legal basis: in the event of voluntary provision of personal data, you consent to their use in order to answer the question (Article 6(1)(a) of the GDPR); the processing of your data in order to answer the questions sent and to conduct further correspondence results from our legitimate interest (Article 6(1)(f) of the GDPR). After the contact is completed, your personal data will be processed on the basis of our legitimate interest, which is the archiving of correspondence with you, i.e. pursuant to art. 6 sec. 1 lit. f GDPR; providing your data is voluntary, but necessary to get an answer to your question and to contact us;
analyzing survey responses/results (if you choose to voluntarily participate in a survey) and improving our services based on those responses/results; legal basis: if you participate in the survey, you consent to the use of your personal data for the purpose indicated above, and we process your personal data based on our legitimate interest, which is the use of the results of the analysis of responses/survey results for the purposes provided for in the survey in which you took part, i.e. pursuant to art. 6 sec. 1 lit. f GDPR; providing your data is voluntary, but necessary to participate in the survey;
managing signups for events and online events; legal basis: in the case of voluntary provision of personal data, you consent to the use of your personal data for the purpose indicated above, and we process your personal data on the basis of our legitimate interest, which is the efficient management of registrations for events and online events, i.e. pursuant to art. 6 sec. 1 lit. f GDPR; providing your data is voluntary, but necessary to sign up for events and online events;
sending newsletters; legal basis: in the case of voluntary provision of personal data, you consent to the use of your personal data for the purpose indicated above, and we process your personal data on the basis of our legitimate interest, which is sending the newsletter for which you have subscribed, i.e. pursuant to art. 6 sec. 1 lit. f GDPR; providing your data is voluntary, but necessary to receive the newsletter from us;
improving and optimizing the website, also in the field of anonymizing personal data in order to conduct aggregate data analyzes on how our website is used, including: analysis of the number of views, traffic flow, use of the search function; legal basis: SEDIVIO's legitimate interest in improving our website and the quality of services provided, i.e. pursuant to art. 6 sec. 1 lit. f GDPR. More information can be found below in the "Cookies" section;
provision of services, correspondence, conclusion or performance of a contract; legal basis: our legitimate interest in concluding or performing contracts, meeting legal obligations or conducting business correspondence and in order to establish, pursue or defend against claims, i.e. art. 6 sec. 1 lit. f GDPR; in the event of concluding a contract with us, the basis for the processing of your personal data is art. 6 sec. 1 lit. b GDPR - the necessity of data processing to perform the contract or to take action at your request, before concluding the contract. In order to comply with legal obligations incumbent on us, e.g. in the scope of issuing an invoice and its storage, the basis for the processing of personal data is art. 6 sec. 1 lit. c GDPR; providing your data is voluntary, but necessary to provide services, conduct correspondence, conclude or perform a contract;
On the basis of separate consents, if they are granted, we will be able to process your personal data for the purpose of direct marketing and sending commercial information by electronic means of communication, including by e-mail and telephone. The legal basis for the processing of personal data in this case is the consent given.
Processing of personal data in current business contacts
As part of concluding contracts as part of business activity, the Data Administrator may be provided with personal data of employees or associates of the Data Administrator's clients or contractors, or other persons designated for contact in connection with the performance of the contract with the Data Administrator's client or contractor. The scope of the personal data obtained is limited to the extent necessary to perform the contract, which includes:
identification data (e.g. names and surname);
business contact details (e.g. e-mail address, telephone number);
data on the function performed (job title, designation of the function performed, place of performing the function/occupying the position, designation of the entity in which the person works);
other data disclosed to the Data Administrator for business contacts and business relationships.
If you do not provide your personal data directly to the Data Administrator, your personal data has been made available to the Administrator by:
the entity on behalf of which you act or the entity that provided your personal data as necessary to maintain business contacts or business relationship with this entity;
the entity that provided your personal data in connection with the performance of the contract with the Data Administrator.
In the above cases, your personal data is processed for purposes arising from the legitimate interests pursued by the Data Administrator (Article 6(1)(f) of the GDPR), for which the Data Administrator considers in particular: correct and effective implementation and performance of the contract with a client or contractor, including maintaining business contacts in connection with this agreement, as well as conducting internal analyses, ensuring the security of the ICT environment, using internal control systems and pursuing and defending one's rights against claims and in court and out-of-court proceedings.
In order to create a database of its business contacts, the data controller, on the basis of its legitimate interest (Article 6(1)(f) of the GDPR), consisting in establishing and maintaining business relationships, also collects data of persons who may constitute important business contacts, e.g. as a result of his business cards.
Administrator profiles on social networks (Twitter, LinkedIn)
The data controller maintains profiles on social networks such as Twitter and LinkedIn. In connection with the comments or other manifestations of activity left by the users of these portals, the Data Administrator processes the personal data of these persons. The purpose of processing this data is based on the legitimate interest of the Data Administrator consisting in enabling the activity of users of these portals on the profile of the Data Administrator, effective running of this profile by the Data Administrator, conducting statistical and analytical activities, and if necessary - the purpose of investigating or defense against claims.
configuring your browser to notify you when you receive any cookie.
If you do not consent to receiving cookies at all, please set your browser so that it does not accept cookies automatically. However, this may limit the proper display of certain features and refusing to accept them may limit the functionality of our Site.
We use the following cookies on our website.
Used by the Cloudflare partner network to identify trusted web traffic. Expires after 29 days.
Necessary for the website's chatbox function to work. Expires after 6 months.
Used to determine the visitor's preferred language. Sets the language on the website accordingly. Expires after one year.
Identifies the last page opened by the visitor. It is used to increase the functionality of the chatbox. Expires after 6 months.
Used for security purposes. It expires after the session ends.
Used for security purposes. It expires after the session ends.
Used in connection with login. It expires after the session ends.
Used to indicate the system on which the page was rendered. Expires after one minute.
Used for system monitoring and troubleshooting. Expires after three months.
Used for system monitoring and troubleshooting. It expires after the session ends.
Used to manage the cookie banner. Expires after 12 months.
Used to identify users logged in to the website. It expires after the session ends.
Used for security purposes. It expires after the session ends.
Used to monitor system efficiency. Expires after 30 minutes.
Used to monitor system stability/performance. Expires after 12 months.
Used to save the user's language preferences. Expires after 12 months. This cookie is functional, unlike the cookies mentioned above, which are essential for the proper functioning of the website.
Third party cookies
SEDIVIO uses Google Analytics to analyze website statistics. This tool stores cookies on your computer. The data collected by Google Analytics is used to better understand visitors to our website and how they use it. The use of the Google Analytics tool is based on the legitimate interest of the Data Administrator, consisting in the creation of statistics and their analysis in order to optimize the Website.
Due to the fact that the supplier of the Google Analytics tool, i.e. Google LLC, has infrastructure (servers) in the USA, and therefore there is a possibility that the data collected through this tool will go outside the EEA, Google LLC uses compliance mechanisms such as standard contractual clauses.
In order to prevent the recording of data collected by cookies regarding the use of the Website by Google, it is possible to download the browser add-on blocking Google Analytics, which is available for download at: https://tools.google.com/dlpage/gaoptout
The principles of data processing within Google Analytics are available at: https://support.google.com/analytics/topic/2919631
Persistent cookie used to count the number of individual visitors to the site. It stores information about the number of visits, the time of the first visit, the previous visit and when the current visit started, as well as the time of the last interaction with the site. Some of the information is updated with each page view. Expires two years after being added or last updated.
Session cookie used to determine the number of visits to the site. It stores a unique number, information about the number of tabs viewed during the current visit and the start time of the current visit. Some information is updated with each page view. Expires thirty minutes after being added or last updated.
Session cookie used together with the __utmb cookie to determine if there is a new visit to the site (30 minutes of inactivity counted as a new visit by Google Analytics). Stores a unique number. It expires when you close your browser.
Persistent cookie used to measure website traffic sources and website navigation (for example, which search engine was used to access the website). Keeps a unique number, traffic source redirect time information, traffic source counter and traffic source name/type, search terms from external search engines. Expires six months after being added or updated.
More information about cookies placed by Google can be found here: http://www.google.com/intl/en/policies/technologies/types/.
We use the Twitter social plug-in on some of our pages. If you visit such a page, a connection to the LinkedIn server is also established, which allows you to send information to your browser regarding, among others, how you use our website. This information may also be added to your Twitter account, provided that you are logged in to Twitter when using our website.
We use the LinkedIn social plug-in on some of our pages. If you visit such a page, a connection to the LinkedIn server is also established, which allows you to send information to your browser regarding, among others, how you use our website. This information may also be added to your LinkedIn account, provided that you are logged in to LinkedIn when using our website.
More information about cookies from LinkedIn can be found here: https://pl.linkedin.com/legal/cookie-policy.
Journalists and media representatives
We process personal data of journalists and media representatives in order to communicate with the media, in particular: sending press materials, invitations to press conferences and media events and making telephone contact, as well as in order to track the activity of recipients of correspondence (legitimate interest of the Data Administrator, art. 6(1)(f).
The personal data in question were obtained directly from a journalist or media representative or come from publicly available sources, in particular from websites, press announcements and other information of a general nature. These data include basic identification data in the form of name and surname, business contact details (e.g. e-mail address, telephone number), data on the function performed (job title, designation of the function performed, place of performing the function/occupying the position, designation of the entity where the person works).
We maintain a high level of technical security in all systems (including traceability, data recovery in the event of failure, access restrictions, etc.). We ensure that our employees have access to personal data only in situations where there is a strict need and only to the extent necessary. We have also taken steps to ensure that our subcontractors guarantee the use of security measures in the case of data processing on our behalf.
Rights related to the processing of personal data and how to use them
In accordance with applicable law, you have the following rights:
the right to access your data and receive a copy thereof (Article 15 of the GDPR);
the right to rectify (correct) your data (Article 16 of the GDPR);
the right to delete data (Article 17 of the GDPR);
the right to limit data processing (Article 18 of the GDPR);
the right to data portability (Article 20 of the GDPR);
the right to withdraw consent if such consent has been given - you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
the right to lodge a complaint to the President of the Office for Personal Data Protection (ul. Stawki 2 00-193 Warsaw) - if you decide that the Data Administrator processes your personal data unlawfully, detailed access data are available on the Office's website www.uodo.gov.pl
Right to object
You have the right to object to the processing of personal data for reasons related to your particular situation (Article 21(1)(4-5) of the GDPR). When lodging an objection, you should indicate a special situation which, in your opinion, justifies the cessation of the processing of personal data covered by the objection by the Data Administrator. The data controller will stop processing your personal data for the purposes set out above, unless it demonstrates the existence of valid legally justified grounds for processing, rights and freedoms superior to you, or that your data is necessary for the data controller to establish, pursue or defend claims.
The right to object to the processing of data for marketing purposes
You have the right to object at any time to the processing of your personal data for direct marketing purposes. If this right is exercised, the Data Administrator will stop processing data for this purpose.
Not all of the above rights are absolute, which means that you will not be entitled to all processing activities. Your only right is always the right to lodge a complaint with the competent supervisory authority if you believe that our processing of your personal data violates the provisions of the GDPR.
We encourage you to familiarize yourself with the above rights.
Rules for submitting requests related to the exercise of rights
We have appointed a Data Protection Officer who can be contacted in any matter regarding the processing of personal data via the address firstname.lastname@example.org
An application regarding the exercise of your rights by SEDIVIO should be submitted in the form of an e-mail, by writing a message to the e-mail address: email@example.com or by correspondence to the address ul. Okopowa No. 47, 01-059 Warsaw.
Automated decision making, profiling
The data controller does not use your personal data for profiling or as part of an automated decision-making system.