Privacy policy

HESEYA.COM PRIVACY POLICY

PERSONAL DATA PROCESSING POLICY OF HESEYA SP. Z O.O.

COOKIES POLICY

1. GENERAL INFORMATION

Respecting your rights and respecting the principles of personal data protection, this document has been developed as an expression of care for the rights of people using heseya.com and the services offered by Heseya sp. z o.o. with its registered office in Warsaw.

2. DEFINITIONS
   • Controller or Heseya (Personal Data Controller) – Heseya z o.o. with its registered office in Warsaw, ul. Chłodna 22a lok. 14, 00-891 Warsaw, entered into the Register of Entrepreneurs kept by the District Court in Bydgoszcz, XIII Commercial Division of the National Court Register, under the KRS number: 0000706809, NIP 9571099580.
   • Recipient of the Consultation – a natural person who has registered for the consultation of idea provided by the Controller using the form available on the Website.
   • Newsletter Recipient – a natural person who has registered for the newsletter prepared by the Controller using the form available on the Website.
   • Contact Person – a natural person who conducts correspondence with the Controller by e-mail, traditional mail or other means.
   • Privacy Policy – this Privacy Policy heseya.com, Data Processing Policy of Heseya z o.o. and the Cookie Policy.
   • GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Dz. Urz. EU L 119 of 5.4.2016).
   • Website – a website owned by the Administrator, available at heseya.com.
   • UoŚUE – Act of 18 July 2002 on the provision of electronic services (consolidated text: Journal of Laws 2002 No. 144, item 1204).
   • Website User – every natural person visits the Website or uses one or more services or functionalities available on the Website, including the Consultation Recipient, the Newsletter Recipient and the Contact Person.
3. RULES OF PROCESSING OF WEBSITE USERS' PERSONAL INFORMATION
   • Personal data of the Website Users is collected, stored, processed and protected by the Controller in accordance with applicable law, in particular in accordance with the GDPR and on the terms specified therein.
   • The Data of the Website Users is managed by the Controller. The processing of personal data on the Website is limited only to data necessary for the Controller to provide electronic services available on the Website, information about the activity of Website Users on the Website and data necessary to settle the matter with the Contact Person.
   • Providing personal data by Website Users takes place (i) in the case of Newsletter Recipients at the time of registration for the newsletter using the form available on the Website, (ii) in the case of Consultation Recipients at the time of registration for consultation using the form available on the Website, (iii) in the case of Persons contacting at the time of providing data by a Person contacting in electronic, traditional or other correspondence. Providing the above-mentioned data is voluntary, however, it is necessary to use the Website.
   • At any time, the Website User may cancel the use of any service provided on the Website. If for any reason the Website User does not wish to leave the personal data, it has the right to delete them. Data Subject (the Website User) has the right to request access to data concerning that person, rectification, deletion, restriction of processing, transfer of data and lodging a complaint to the supervisory authority.
   • In the case of the Newsletter Recipient, the Administrator processes the following personal data: e-mail address.
   • In the case of the Recipient of the Consultation, the Controller processes the following personal data: name, surname, company name, e-mail
   • In the case of a Contact Person, the Controller processes only data relevant to the resolution of a given case and the responses to the contact that have been provided by the Contact Person.
   • The personal data of the Website Users regarding the period of personal data storage is contained in the table in point 3.12 below.
   • The data of the Website Users are not shared or entrusted to third parties, except when the Website User has given additional consent to the use of the data for marketing purposes or such sharing results from the applicable provisions of law obliging the Controller to transfer them to authorized entities, as well as in a situation where this entrustment is necessary for the performance of services provided by the Controller within the Website (e.g. MailJet for Newsletter Recipients).
   • On the basis of the obtained personal data of the Website Users, collective, general statistical summaries may be prepared, disclosed to third parties. They usually include information on website viewing. However, these lists do not contain any personal data allowing the identification of individual Website Users.
   • The table below indicates the detailed purposes of the processing of personal data of the Website Users, the legal basis for the processing and the period of processing of these data:

Purpose of processing	Description of the goal	Legal basis of the data processing	Duration of processing
Provision of services by electronic means	In this case, personal data of Website Users is processed in order to provide electronic services by the Controller in the scopeof providingcontent collected on the Website.	The legal basis for processing is thenecessity of processing to perform the Agreement (Art. 6 section 1 letter b GDPR)	Until the objection is filed, and after filing only for the purpose of possible establishment and pursuit of claims or defense against claims.
Implementation of the Controller's services marketing	In this case, the personal data of the Website Users will be processed in order to informthe Website Users about the Controller's activity and promotevarious types of events, services and products. If the Controller decides to carry out marketing by sending the so-called mailing – the Website User will be asked to give additional consent. The indicated goal can also be achieved by displaying personalized advertising based on profiling. According to GDPR, ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.	The legal basis for the processing is the consent of the Website User and the legitimate interest of the Controller (Art. 6 section 1 letter a) and letter f) GDPR)	Until the consent is withdrawn or until the objection is filed, and after filing only for the purpose of possible establishment and pursuing claims or defending against claims.
Ensuring safety in the Website	In this case, the personal data of the Website Users will be processed in order to prevent unauthorized access to electronic communications networks and the distribution of malicious codes, to interrupt "denial of service" attacks, as well as to prevent damage to computer systems and electronic communications systems, as well as to verify whether Customers provide unauthorized content on the Website.	The legal basis for the processing is the legitimate interest of the Controller (Art. 6 section 1 letter f) of the GDPR)	Until effective objection is raised or until mutual claims are time-barred (e.g. related to a breach of the security rules on the Website – depending on which event occurs first).
Implementation of statistical analysis, including financial analysis	In this case, the personal data of the Website Users will be processed in order to improve the quality of services provided by the Controller. This analysis will be performed in a non-automated manner.	The legal basis for the processing is the legitimate interest of the Controllerconsistingin conducting analyses of the activityof Website Users, as well astheir preferences in order to improve the functionality and services provided (Art. 6 section 1 letter f) of the GDPR)	Until the objection is filed, and after filing only for the purpose of possible establishment and pursuing claims or defending against claims.
Geolocation	In this case, the personal data of the Website Users will be processed in order to display the Website Users of personalized advertising. The Website User will be asked for additional consent.	The legal basis for the processing is the consent of the Website User and the legitimate interest of the Controller (Art. 6 section 1 letter a) and letter f) GDPR)	Until the consent is withdrawn or until the objection is filed, and after filing only for the purpose of possible establishment and pursuing claims or defending against claims.
Sending a newsletter	In this case, the personal data of the Newsletter Recipients will be processed in order to inform the Website Users about the Controller's activity and to promote various types of events, services and products. In this case, the Newsletter Recipient will be asked for additional consent and provide an e-mail address.	The legal basis for processing is the consent of the Website User (Art. 6 section 1 letter a of the GDPR).	Until the consent is withdrawn, and after withdrawal only for the purpose of determining and pursuing claims or defending against claims.
Provision of consultations	In this case, the personal data of the Recipients of the Consultation will be processed in order to identify the Recipient of the Consultation who completed the form available on the Website and to contact them.	The basis for processing is to take action at the request of the Recipient of the Consultation before the possible conclusion of the Agreement and the legally justified Controller (Art. 6 section 1 letter b and letter f of GDPR)	Until an effective objection has been lodged or until any counterclaim has been time-barred.
Contacting the Controller through different channels	In this case, the personal data of the Contact Persons are processed solely for the purpose of communication and handling the matter. This applies to the contact of the Website Users with the Controller through correspondence by e-mail, traditional mail or other forms of contact.	The legal basis for the processing is the legitimate interest of the Controller, consisting in his/her correspondence in connection with the inquiry of the Contact Person (Art. 6 section 1 letter f) of the GDPR)	Until an effective objection has been lodged or until any counterclaim has been time-barred.
Exercising the obligations related to the exercise of the rights indicated in the GDPR	In this case, the personal data of the Website Users are processed only to the extent necessary to identify and verify the identity of the person submitting the request.	The basis for processing is the fulfillment of the legal obligation incumbent on the Controller (Art. 6 section 1 letter c GDPR)	Until the statute of limitations on counterclaims expires.
Investigation, establishment or defence of claims	In this case, the personal data of the Website Users will be processed solely for the purpose of pursuing, establishing or defending claims.	The legal basis for the processing is the legitimate interest of the Controller, consisting in the protection of its rights (Art. 6 section 1 letter f) of the GDPR)	Until the expiry of the claims both against and for the Controller.

4. COOKIES POLICY
   • The website uses a mechanism called cookies.
   • The so-called cookies are IT data, in particular text files, which are stored on the Website User’s end device and are designed to use the pages offered by the Website. Cookies usually contain the name of the website from which they originate, the time for which they are stored on end-devices and its unique number. The information collected on the basis of Cookie files is used for the purposes of the proper optimization of the website, as well as for statistical and advertising purposes.
   • Website controller is the entity that uploads the cookies in the Website User’s end device and who may have access to such cookies.
   • Cookie mechanism is responsible for:
     • creating statistics, which help to assess the way in which the Service Users use the websites, which allows for improving the Website's structure and content;
     • maintaining a session of the Website User, so that it does not have to re-enter the login and password on each subpage of the Website.
     • adjusting the content of the Website pages to the User's preferences and optimizing the use of the Website pages. In particular, these files allow to recognize the device of the Website User and properly display the website, tailored to their individual needs.
   • Two basic types of cookies can be used in the Website: "session" cookies and "persistent" cookies. Session cookies are temporary files that are stored on the User's end device till log out time, leaving the website or disabling the software (web browser). Persistent cookies are stored on the User's end device within time specified in the parameters of the cookies or until they are deleted by the User.
   • Website uses the following types of cookies:
     • "necessary" cookies, allowing for the use of the services available within the Website, e.g. authentication cookies used for the services that require authentication on the Website; the cookies used to guarantee security, e.g. those used to detect fraud in the authentication within the Website;
     • "functional" cookies, enabling "remembering" the settings selected by the visitor and personalizing the interface, e.g. in the selected language or region from which the person logged on to the website comes, font size, appearance of the website, etc.;
     • "performance" cookies allowing for the collection of the data concerning the use of the Websites within the Service;
     • "advertising" cookies, enabling the provision of advertising content to visitors of the Website more tailored to their interests.
   • In many cases, the software used to browse websites (a web browser) allows for default storing of cookies on the user's device.
   • Third-party vendors, including Google, use cookies to serve ads based on your previous visits to this site. Users can opt out of Google cookies on the Google ads opt-out page – http://www.google.com/privacy/ads/.
   • Users of the Website using the Website may change the cookie settings at any time. These settings can be changed in such a way as to block the automatic handling of cookies in the web browser configuration, or to inform about them every time they are placed on the website's user's device.
   • Detailed information regarding the possibility and methods of handling cookies is available in the browser settings. In most browsers, disabling cookies can be described as follows:
     • Open browser menu
     • Select Settings
     • Select Advanced Settings or Security and Privacy
     • Set Cookie Block
   • In selected browsers, the rules for blocking cookies are determined each time by the providers of such browsers.
   • Please be advised that any restrictions in the use of cookies may affect some of the functionalities available on the Websites.
   • The User can delete Cookies at any time using their browser functions.
5. PROTECTION OF THE PRIVACY OF MINORS
   • Website does not monitor and verify information about the age of the Website Users.
   • Controller is not responsible for any possible use of the Website by minors or for actions taken by them. Legal responsibility for such actions rests solely with the legal guardians of the minor.
6. SAFETY MEASURES
   • Website is provided with security measures aimed at protecting personal data processed by the Controller against loss, improper use and modification. Controller also has appropriate documentation and has implemented appropriate procedures related to the protection of personal data on the Website.
   • Controller ensures that it protects all information disclosed by the Website Users in accordance with applicable regulations and security standards.
   • Controller declares that when commissioning other entities to provide services, it requires partners to apply appropriate standards of protection of entrusted personal data and controls the compliance of these entities with these standards.
   • In order to ensure proper protection of the services provided by the Controller by electronic means, the Controller applies a high level of security, including cryptographic protection of the transmission of personal data (SSL protocol).
   • Due to the public nature of the Internet, the use of services provided electronically by the Website Users may be associated with threats, regardless of the Controller's due diligence. It is therefore necessary that the Website Users also take care of the security of the devices through which they use the Website.
7. RIGHTS OF USERS OF THE WEBSITE
   • Users of the Website have the right to delete personal data from the Controller's database.
   • The recipient of the Newsletter may provide a request to delete personal data from the Controller's database by using the link in each Newsletter.
   • In the case of personal data processed on the basis of consent (art. 6 section 1 item 1) of the GDPR), it can be withdrawn at any time. You can withdraw your consent at the Data Controller's premises or via the appropriate form. In the event of withdrawal of consent, the Data Controller will assess whether it still has grounds for data processing. In this case, further processing of data will be possible to defend against claims (e.g. by demonstrating that the right to withdraw consent has been exercised) and only to the extent necessary for this purpose.
   • In the case of data processing based on the justified interest of the data controller, i.e. based on Art. 6 section 1 item f) of the GDPR), you can object at any time – for reasons related to a special situation – to the processing of personal data.
   • In addition to the right to withdraw consent and object, persons whose data are processed by the Controller have the right to access data, including obtaining copies of data, the right to transfer data, the right to rectify and delete data, restriction of processing and the right not to be subject to a decision that is based solely on automated processing, including profiling, and has legal effects or similarly significantly affects it. You can exercise these rights in the following manner: at the Data Controller's headquarters or via the following e-mail address: gdpr@heseya.com
   • In case of doubts regarding the processing of personal data, the Website User may submit a complaint to the supervisory authority (in Poland, it is the President of the Office for Personal Data Protection.)
8. THIRD PARTY ADS AND LINKS
   • The advertisements posted on the Website come from the Controller's partners.
   • Ad publishers can only be informed about the number of ad impressions. Other information, and in particular personal data of the Website Users, is not made available. In order to obtain details about advertisements and cookie elements from the Controller's partners, please read the relevant provisions on the advertisers' websites.
   • The website contains links to other websites. Controller is not responsible for the privacy policy applied by the owners or administrators of the websites to which they redirect the links posted on the Website. In case of doubt, the Website Users should read the privacy statements placed on these pages.
9. CONTACT
   • If you have any questions, comments or concerns about the Policy, please contact us at: gdpr@heseya.com
10. PRINCIPLES OF DATA PROCESSING BY OTHER SERVICE PROVIDERS
    • Social network. The Website uses plugins for social networking sites of the following providers:
      • Facebook, Instagram (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States) - https://www.facebook.com/policy.php, https://help.instagram.com/519522125107875?helpref=PAGE_CONTENT
      • These plugins usually collect data fromthe Website User as standardand send it to the server of the relevant provider, clicking the symbol will activate the plugin and will mean granting consent to transfer data to the relevant provider. The legal basis for using such plugins is Art. 6 section 1 letters a) and f) of the GDPR (legitimate legal interest of the controller).
      • Enabled plugins also collect personal data, such as the IP address oftheUser, and send it to the server of the respective provider, where the data is stored. When the Website User visits a relevant website, the plugin configures a cookie with a unique identifier. This allows the supplier to generate behavioral profiles of the Website User. If the Website User belongs to the social network of a given provider and logs in during visits to the website, his/her data and information about his/her visits to this website may be associated with his/her profile on the relevant social network. More information on the scope, specificity and purpose of data processing and the rights and options of the protection settings is available in the Policies of the Service Providers indicated above.
    • Additionally, the service provider may send messages to persons who agree or this results from the implementation of the ordered services using the mailing tools provided by Mailjet inc., 4 Rue Jules Lefebvre, 75009 Paris 9, France, https://www.mailjet.com/privacy-policy/.
    • Analysis of Website Users' behavior

Google Analytics

• The website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. This allows the assignment of data from various devices to the ID of the Website User and allows for the analysis of activities undertaken by this Website User from the level of observed devices (also Firebase and Optimize services).
• Google will use this information at the request of the website operator to assess how the Website User uses this website, so that reports on website activity can becompiledand other services related to the website and use of the Internet can be performed for the website operator. The processing of data for these purposes is also in the legitimate interest of the Website operator. The legal basis for using the Google Analytics service is art. 6 section 1 letter f) GDPR. Please visit https://www.google.com/analytics/terms/en.htmli https://policies.google.com/?hl=en for more information about the terms and conditions of this service and data protection.
• The Website User can prevent cookies from being saved by selecting the appropriate settings in his/her browser. In this case, however, the Website User will not be able to fully use all the functions of the website. The Website User may also prevent the collection and processing by Google of data generated by cookies and data related to the User's use of the Website (including their IP address) by downloading and installing the add-on available at https://tools.google.com/dlpage/gaoptout?hl=en. To set a opt-out cookie, click here: Disable Google Analytics.
• In order to offer services that are most tailored to the expectations of the Website Users, the Website uses the Google Ads display system and uses the Google conversion tracking function for the purpose of personalizing online ads based on interests and locations. The IP anonymization option is controlled by the Google Tag Manager using an internal setting. This setting is configured to include IP addresses as required by privacy laws. Ads appear based on search requests on sites that are part of the Google Display Network. The Website user can also choose the type of Google ads displayed to him or disable interest-based Google ads using the ads settings page. It may also disable third-party cookies by using the opt-out tool provided by Network Advertising Initiative.
• If the Website User does not want to receive any personalized ads, he/she may disable the option to display such ads using the Google Ad Settings page.
• Facebook Ads and conversion tracking.
• LinkedIn Ads and Conversion Tracking.

• For more information on how Google uses cookies, please see the Google Privacy Policy.

11. PRIVACY POLICY AMENDMENTS

Controller reserves the right to change the Privacy Policy at any time, and at the same time undertakes to immediately publish the new Privacy Policy on the Website.