PRIVACY POLICY

AFORMIC Polska Sp. z o.o. with its registered office in Gliwice, 113 Wyczółkowskiego Street, 44-109 Gliwice, KRS: 0001041734, NIP: 9691658467, REGON: 525570917 (hereinafter “Data Controller”), which can be contacted as follows:

  1. by mail to the registered office address,
  2. via email: prawnik@aformic.com.

 

The Data Controller reserves the right to make changes to this Policy, and each User of the Website is obliged to know the provisions of the current Policy. The most common reasons for changes may be, in particular, the development of Internet technology, changes in generally applicable law, or the development of the Website through the implementation of new functionalities by Data Controller. The change will be communicated to the Users of the Website by posting the updated version on the Website or in the manner customarily adopted by the Data Controller in dealing with the Users, including, in particular, by e-mail.

 

  1. PROCESSING OF PERSONAL DATA IN CONNECTION WITH THE USE OF THE WEBSITE

In connection with the User’s use of the Website, the Data Controller collects data to the extent necessary to provide the particular services offered.  Detailed rules and purposes for processing Personal Data collected during the User’s use of the Website are described below.

 

Purpose of personal data processing

Legal basis and term of the processing period

Undertaking the steps necessary to conclude and implement the contract

Legal basis: Article 6(1)(b) GDPR – performance of a contract.

 

Processing period: for the duration of the contract and for the period resulting from the provisions of the law relating to the obligation to keep accounting documents, as well as for the period of limitation of possible claims.

Fulfilment of the Data Controller’s obligations under the law, in particular those related to bookkeeping and accounting records

Legal basis: Article 6(1)(c) GDPR – legal obligation.

 

Processing period: The data are processed for the period resulting from the applicable legal regulations. In the case of accounting and accounting records, as a rule, the period is 5 years calculated from the end of the year in which the event occurred for which the accounting document was issued.

Conducting correspondence, as part of the handling of the case, including answering questions via the contact telephone number and e-mail address of the Data Controller provided on the Website

Legal basis: art. 6(1)(f) GDPR – legitimate interest of the Data Controller.

 

Processing period: no longer than necessary to respond and/or resolve the matter, with the proviso that thereafter the data may be processed for the period of limitation of possible claims.

Analysing web traffic, ensuring security on the Website and customizing content for Users

Legal basis: Article 6(1)(f) GDPR – legitimate interest of the Data Controller.

 

Processing period: Data related to web traffic analysis collected through cookies and similar technologies may be stored until the cookie expires. Some cookies never expire, so the duration of data storage will be equivalent to the time necessary for the Data Controller to fulfil the purposes of data collection, such as ensuring security and analysing historical data related to website traffic.

Determination, investigation and defence against claims

Legal basis: Article 6(1)(f) GDPR – legitimate interest of the Data Controller.

 

Processing period: within the statute of limitations for possible legal claims.

 

Voluntariness of providing data:

The transfer of data is voluntary, but necessary for the performance of a contract and other purposes of the Data Controller indicated above. Refusal to provide data may result in the inability to perform the contract and other processing purposes indicated above.

 

Profiling

The Data Controller will not use the acquired data of the Users of the Website to make decisions based solely on automated processing of personal data, including profiling within the meaning of Article 22 GDPR.

 

Recipients of data

The Data Controller may share the processed data of the Users of the Website:

  • with its employees and associates who, within a certain, limited authorized scope, may have access to Users’ data in connection with their official duties;
  • if it is justified due to the conducted cooperation (e.g. for the purpose of realization of the contract connecting us with you), also with other Companies belonging to the Data Controller’s capital group, which are: FuelPrime Sp. z o.o. (Poland), AIUT Sp. z o.o. (Poland), IMI-Polska Sp. z o.o. (Poland), Aiut Invest ASI S.A. (Poland), Aiut Estate Sp. z o.o. (Poland), Aformic RTLS Sp. z o.o. (Poland), Aformic Inc. (USA), AIUT Inc. (Canada), Aiut Engineering Inc. (USA), Aiut GmbH (Germany), AIUT Romania S.R.L. (Romania), AIUT Technologies LLP (India), Shenyang AIUT Automation Co., Ltd. (China);
  • with external entities to which the Data Controller has entrusted the processing of personal data of the Users of the Website, in particular: providers of technical services (i.e. IT services, providers of IT systems), transport companies, entities providing debt collection services, etc..;
  • with authorized entities to the extent and in accordance with the rules of law.

 

Transfer of data to third countries

Users’ personal data, as a rule, will not be transferred outside the European Economic Area (hereinafter „EEA„). However, taking into account the provision of services by our subcontractors in the implementation of support for ICT services and IT infrastructure, the Data Controller may outsource certain activities or IT tasks to recognized subcontractors operating outside the EEA, which may ultimately result in the transfer of Users’ data outside the EEA.

States of recipients outside the EEA, in accordance with the decision of the European Commission, shall ensure an adequate degree of protection of personal data in accordance with EEA standards. For recipients in the territory of countries not covered by the European Commission’s decision, in order to ensure an adequate degree of such protection, the Data Controller or an entity acting on behalf of the Data Controller shall conclude agreements with the recipients of your personal data, based on the based on the standard contractual clauses issued by the European Commission, or the Data Controller shall apply other adequate and appropriate safeguards required by data protection legislation.

 

Rights relating to the data processing

The GDPR specifies certain rights that individuals have in connection with the processing of their personal data by Data Controllers. Accordingly, Users of the Website are entitled to the following:

  • access to your personal data and obtain a copy of it (Article 15 GDPR);
  • to rectify or update personal data (Article 16 GDPR);
  • erasure of personal data (Article 17 GDPR);
  • restrictions of the processing of personal data (Article 18 GDPR);
  • withdrawal of granted consent (Article 7(3) GDPR) – whereby the withdrawal of consent does not affect the lawfulness of its use during the period when the consent was in effect;
  • object to processing when the basis for processing is the legitimate interest of the controller (art. 21 GDPR);
  • to lodge a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa) if there is a suspicion that the Data Controller’s data processing violates the GDPR.

 

In order to exercise your rights, you should contact the Data Controller at e-mail address: prawnik@aformic.com or by mail to the registered office address indicated above.

We would like to inform you that the rights indicated above are not absolute and do not apply in every case of Website User data processing by the Data Controller. Before exercising the above-mentioned rights, the Data Controller is required to verify the person making the request as the subject of the personal data covered by the request.

 

2. PROCESSING OF PERSONAL DATA THROUGH SOCIAL NETWORKS

In connection with the User’s use of Social Networks, such as:

  • https://www.facebook.com/aformic/;
  • https://www.linkedin.com/company/aformic-inc/.

 

The Data Controller processes personal data of Users.

The following describes the specific principles and purposes of the processing of personal data collected during the use of Social Networks by the User.

Purpose of personal data processing

Legal basis and data storage and processing period

Effectively maintaining profiles on Social Networks, in particular by providing Users with information about products, initiatives and other activities related to the promotion of various events, services and products

Legal basis: Article 6(1)(f) GDPR – legitimate interest of the Data Controller.

Processing period: no longer than necessary to respond and/or resolve the matter, with the proviso that thereafter the data may be processed for the period of the statute of limitations for possible claims. It is also possible to process until an objection is made (or the user’s account on the Social Network is deleted).

Enabling activity on the Data Controller’s profiles, in particular, through correspondence through the services offered by the providers of the Social Networking Sites used, (including but not limited to: private messages, comments, etc.), as part of the handling of the matter, including answering the questions asked

Legal basis: art. 6(1)(f) GDPR – legitimate interest of the Data Controller.

Processing period: until an objection is raised (or the user’s Social Network account is deleted).

Determination, investigation and defence against claims

Legal basis: Article 6(1)(f) GDPR – legitimate interest of the Data Controller.

Processing period: until the statute of limitations for possible legal claims.

 

Voluntariness of providing data:

The transfer of data is voluntary, but necessary for the performance of a contract and other purposes of the Data Controller indicated above. Refusal to provide data may result in the inability to perform processing purposes indicated above.

 

Profiling

The Data Controller will not use the acquired data of the Users to make decisions based solely on automated processing of personal data, including profiling within the meaning of Article 22 GDPR.

 

Recipients of data

The catalogue of recipients of personal data processed by the Data Controller depends mainly on the products and services used by the user of a given Social Network, as well as the user’s consent or provisions of applicable law. The Data Controller may make the processed data of Users available to, among others:

  • its employees and associates who, within a certain, limited authorized scope, may have access to Users’ data in connection with their official duties;
  • external entities to which the Data Controller has entrusted the processing of personal data of the Users, in particular: providers of technical services (i.e. IT services, providers of IT systems), transport companies, entities providing debt collection services, etc.;
  • authorized entities to the extent and in accordance with the rules of law.

 

Transfer of data to third countries

Users’ personal data, as a rule, will not be transferred outside the European Economic Area (hereinafter „EEA„). However, taking into account the provision of services by our subcontractors in the implementation of support for ICT services and IT infrastructure, the Data Controller may outsource certain activities or IT tasks to recognized subcontractors operating outside the EEA, which may ultimately result in the transfer of Users’ data outside the EEA.

States of recipients outside the EEA, in accordance with the decision of the European Commission, shall ensure an adequate degree of protection of personal data in accordance with EEA standards. For recipients in the territory of countries not covered by the European Commission’s decision, in order to ensure an adequate degree of such protection, the Data Controller or an entity acting on behalf of the Data Controller shall conclude agreements with the recipients of your personal data, based on the based on the standard contractual clauses issued by the European Commission, or the Data Controller shall apply other adequate and appropriate safeguards required by data protection legislation.

 

Rights vested in connection with the processing

The GDPR specifies certain rights that individuals have in connection with the processing of their personal data by Data Controllers. Accordingly, Users are entitled to the following:

  • access to your personal data and obtain a copy of it (Article 15 GDPR);
  • to rectify or update personal data (Article 16 GDPR);
  • erasure of personal data (Article 17 GDPR);
  • restrictions of the processing of personal data (Article 18 GDPR);
  • withdrawal of granted consent (Article 7(3) GDPR);
  • object to processing when the basis for processing is the legitimate interest of the controller (art. 21 GDPR);
  • to lodge a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa) if there is a suspicion that the Data Controller’s data processing violates the GDPR.

 

In order to exercise your rights, you should contact the Data Controller at e-mail address: prawnik@aformic.com or by mail to the registered office address indicated above.

We would like to inform you that the rights indicated above are not absolute and do not apply in every case of User data processing by the Data Controller. Before exercising the above-mentioned rights, the Data Controller is required to verify the person making the request as the subject of the personal data covered by the request.

 

Co-administration of data of users of Social Networks

The Data Controller may process the personal data of Users visiting the Data Controller’s company profiles maintained on Social Networks (i.e. Facebook, X, YouTube, LinkedIn), in order to analyse users’ use of the Data Controller’s company profile and related content (including observing or stopping observing the Data Controller’s company profile maintained on a given Social Network, recommending the company profile in a post, reaction to the Data Controller’s publications, etc.) (legal basis Article 6(1)(f) GDPR, namely the Data Controller’s legitimate interest in conducting statistics). In this case, the Data Controller together with the owner of the respective Social Network are joint controllers of users’ personal data.

Details of the processing of users’ personal data under this processing are indicated:

 

It is the responsibility of the owner of a given Social Network to notify Users who use the products and services of a given Social Network about the processing of data for statistical purposes and to enable them to exercise their rights in accordance with the GDPR.

 

3. THE USE OF COOKIES

Cookies are computer data stored on the Users’ terminal equipment, intended for the use of the websites.

The Website allows the collection of information about the User through cookies and similar technologies, the use of which most often involves the installation of this tool on the User’s device (computer, smartphone, etc.). This information is used to remember the decisions of the User of the Website (including choice of font, contrast, acceptance of the Policy), to maintain the session of the User (e.g. after logging in), to remember the password (with consent), to collect information about the User’s device and his/her visit for security purposes, but also to analyse visits and to adjust the content.

The Data Controller uses cookies for the following purposes:

  • increase the usability of the Website and adjust its content to the individual preferences of the User;
  • creation of anonymous statistics on the basis of the Google Analytics system (analysis of Users’ actions on the Website and demographic data), excluding the possibility of identifying the User;
  • displaying remarketing ads via the Google AdWords system to Users who have visited the Website;
  • display personalized advertisements, tailored to Users’ interests and online behaviour,
  • verify the effectiveness of advertising and promotional campaigns carried out.

 

The Website uses the following types of cookies:

  • „necessary” cookies to enable the use of services available on the Website, e.g. authentication cookies used for services requiring authentication on the Website.;
  • cookies used for security purposes, e.g. used to detect misuse of authentication on the Website;
  • „performance” cookies, enabling the collection of information about the use of the Website’s webpages;
  • „functional” cookies, which make it possible to „remember” the user’s selected settings and personalise the user interface, e.g. with regard to the chosen language or region of origin of the user, the font size, the design of the website, etc.
  • „advertising” cookies, making it possible to provide users with advertising content more tailored to their interests.

 

The Website does not automatically collect any information except that contained in cookies. These include: IP address, domain name, browser type, operating system type, as well as data on the User’s navigation path and the time spent on specific pages.

For details on how cookies are handled, please refer to your browser settings. By means of these settings, it is possible to determine the extent of the User’s consent to the placement of these types of files on his/her browser. However, restricting the use or preventing the use of cookies may affect some of the Website’s functionalities. The User of the Website also has the possibility to use the Website in the so-called incognito mode, which blocks the collection of data about his/her visit.

Cookies placed on your terminal equipment may also be used by advertisers and partners cooperating with the Website operator.

The Data Controller informs that the introduction of restrictions on the use of cookies may affect some of the functionalities available on the Website. Additional information on the cookies policy can be obtained by contacting the Data Controller, at the e-mail address: prawnik@aformic.com.