Privacy policy

Version valid from September 27, 2021
adopted by the Resolution of the Management Board of braf.tech No. 1/09/2021 of September 27, 2021.

PRIVACY POLICY
INFORMATION ON THE PERSONAL DATA CONTROLLER AND THE RULES
FOR PROCESSING PERSONAL DATA

§ 1
Definitions

1. Controller – braf.tech sp. z o.o. with its registered office in Staniątki, Staniątki 858, 32-005 Staniątki, entered into the Register of Business Entities of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, XII Commercial Division of the National Court Register, under KRS number 0000822581, REGON: 385260760, NIP: 6832108219;
2. Whiblo application or Whiblo app – an internet site through which the Controller’s whiblo software is made available;
3. Cookies – computer data, in particular text files in the form of a series of letters and numbers, stored on the User’s computer and intended for the purpose of using the Platform;
4. Personal data – any information relating to an identified or identifiable natural person;
5. Privacy Policy – this document;
6. Regulation – Regulation ( EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
7. Platform – the web portals or websites operated by the Controller and listed in Appendix 1 to the Privacy Policy;
8. User – any natural person visiting the Platform or using one or more services or functionalities provided by the Controller.

§ 2
Purposes and basis of processing

1. The Personal Data provided by the User will be processed for the purpose of:
a. communication, identification and responding to the User’s enquiries via the Platform, based on the User’s voluntary consent (the legal basis for such processing is that consent has been given to the processing of Personal Data pursuant to Article 6(1)(a) of the GDPR);
b. providing the User with products, services, solutions, activations, registrations or updates of products that have been purchased by the User from the Controller (the legal basis for such processing is that the processing is necessary for the performance of the contract pursuant to
Article 6(1)(b) of the GDPR);
c. providing services by electronic means consisting in providing Users with access to content on the Platform (the legal basis for such processing is that the processing is necessary for the performance of the contract pursuant to Article 6(1)(b) of the GDPR);
d. marketing, in particular:
i. contextual advertising – displaying marketing content to the User that is not tailored to the User’s preferences (the legal basis for such processing is the Controller’s legitimate interest in promoting its activities pursuant to Article 6(1)(f) of the GDPR);
ii. behavioural advertising – displaying marketing content to the User corresponding to
his or her interests (the legal basis for such processing is the consent given to the processing of Personal Data pursuant to Article 6(1)(a) of the of the GDPR);
iii. newsletter service – sending e-mail notifications to the User about interesting offers or content, which in some cases may contain commercial information (the legal basis for such processing is the consent given to the processing of Personal Data pursuant to Article 6(1)(a) of the GDPR);
iv. carrying out other activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities) (the legal basis for the processing is the Controller’s legitimate interest in promoting its activities pursuant to Article 6(1)(f) of the GDPR);
e. the possible establishment and exercise of claims or the defence against them (the legal basis for the processing is the legitimate interest of the Controller in protecting its rights pursuant to Article 6(1)(f) of the GDPR);
f. handling complaints reported by the User (the legal basis for the processing is that the processing
is necessary for the performance of the contract pursuant to Article 6(1)(b) of the GDPR);
g. conducting, evaluating and improving the Controller’s activities (products and services) (the legal basis for the processing is the Controller’s legitimate interest consisting in conducting analyses of the Users’ activities, as well as their preferences in order to improve the applied functionalities and provided services pursuant to Article 6(1)(f) of the GDPR);
h. pursuing statistical and analytical goals (the legal basis for such processing is the Controller’s legitimate interest consisting in conducting analyses of the Users’ activities, as well as of their preferences in order to improve the applied functionalities and provided services pursuant to Article 6(1)(f) of the GDPR);
i. organisation and delivery of information and training services (the legal basis for such processing
is consent to the processing of Personal Data pursuant to Article 6(1)(a) of the of the GDPR).

§ 3
Data processing period

1. The period for which the Controller processes the Personal Data depends on the type of service provided and the purpose of the processing.
2. Data processed for the purpose of performing a contract shall be processed until the contact has been performed and, thereafter, at most until the elapse of the statute of limitations for the claims arising therefrom.
3. Personal Data processed on the basis of the Controller’s legitimate interest shall be processed until such interest has been implemented or until an objection is made.
4. Personal Data entrusted for processing on the basis of the data subject’s voluntary consent shall be processed until the consent is withdrawn.
5. The processing period of personal data may be extended by a maximum of the time necessary to exercise
or defend the relevant claims. After the expiry of the processing period, the data will be irreversibly deleted or anonymised.

§ 4
Recipients of the data

1. In connection with the activity carried out by the Controller, the Controller may make the User’s Personal Data available to external entities, in particular to: entities providing maintenance or technical support services for the Controller’s applications, computer programs, IT systems (including the Platform); banks; payment operators; entities providing accounting or legal services; couriers and other entities providing similar services; marketing agencies to the extent related to marketing services; the Controller’s related parties; and the Controller’s subcontractors responsible for the service of the User.
2. The Controller may also provide access to the User’s Personal Data in a situation when it is necessary to comply with a legal obligation to which the Controller is subject.
3. The Controller shall not transfer the User’s Personal Data outside of the EU and/or the European Economic Area.

§ 5
Rights of the User

1. The User may at any time withdraw his or her consent to the processing of the provided Personal Data that the Controller processes on the basis of the User’s consent. Such withdrawal of consent shall not affect the lawfulness of processing performed on the basis of the User’s consent before the withdrawal is made.
2. In addition, the User is entitled to:
a. request access to his/her Personal Data and receive a copy thereof;
b. to request rectification (revision) of his/her Personal Data;
c. request the erasure of his/her Personal Data;
d. request a restriction of the processing of its Personal Data;
e. to object to the processing of his/her Personal Data;
f. to request portability of his/her Personal Data;
g. to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection.
3. The User may opt out of receiving marketing information from the Controller at any time.

§ 6
Contact and exercise of rights

If you wish to exercise your rights, please contact us:
a. by e-mail to: rodo@braf.tech or
b. by post to the following address: braf.tech sp. z o.o. with its registered office in Staniątki, Staniątki 858, 32-005 Staniątki

§ 7
Automated decision-making and profiling

The Controller does not make decisions by automated means and does not use profiling.

§ 8
Cookies

1. The Controller uses Cookies and other similar technologies in order to store information or access information which is stored on the device through which the User uses the Platform. Cookies do not cause any configuration changes to the User’s device or the software installed on that device.
2. Cookies allow the Controller to adjust the Platform to the User’s individual preferences and to profile and monitor his/her activity within the Platform.
3. The use of Cookies for the purpose of storing information or gaining access to the information stored on the User’s device is only possible if the User gives their prior consent to such action, unless the storage or gaining access to the information is necessary for the provision of the telecommunications service or electronically supplied service requested by the User, in which situation the User’s consent is not required.
4. The Controller uses Cookies for the following purposes:
a. configuration of the Platform, including the adjustment of its content and/or functionality to the
User’s preferences and the optimisation of its operation,

b. creating anonymous statistics which allow the Controller to analyse how the User uses the Platform;
c. obtaining information on the source from which the User accessed the Platform;
d. adapting the advertising presented via the Platform;
e. ensuring the security and reliability of the Platform.
5. Some web browsers allow the storage of information in the form of Cookies on the User’s device by default. However, the User may change these settings at any time. Failure to make such changes by the User means that the information in question may be placed and stored on his/her device, and thus the Platform will store information on the User’s device and access this information.
6. The User can manage Cookies independently from his/her web browser, and may, among other things:
a. accept the use of Cookies – this will enable the User to make full use of the options offered by the Platform;
b. manage Cookies at the level of individual websites selected by the User;
c. specify settings for different types of Cookies;
d. block or delete cookies.
7. Regarding the Platform, the Controller uses the following types of cookies:
a. session cookies – temporary files that remain on the User’s device until the browser is closed. The following cookies are currently used: qtrans_cookie_test, WP-cookie-info, icl_current_language (WordPress) responsible for storing the User’s session ID and the current language version;
b. external cookies – files originating from an external website other than the Platform: Google Maps, Google Analytics, Google Ads. These are subject to their own privacy policy:
https://policies.google.com/technologies/cookies?hl=en-US.
The following cookies are currently used: PREF, testcookie, khcookie, NID, SNID, _utma, _utmb, _utmc, _utmz, _ga, _git, _gat.
8. The Controller currently uses the following types of cookies in the whiblo app:
a. session cookies – temporary files that remain on the User’s device until the browser is closed. The following cookies are currently used: SESSION;
b. permanent cookies – files that remain in the browser of the User’s device for the time specified in the cookie parameters (not longer than 12 months) or until they are manually deleted by the User. They facilitate the use of websites, because certain actions do not have to be repeated, e.g. the selection of a specific display resolution, language or content layout. Currently the following cookies are used: COOKIE_CONSENT.
9. Comprehensive information on Cookies is available in the settings of your Internet browser or in the Help section in the menu of your Internet browser. Restrictions on or disabling of the use of Cookies and other similar technologies may affect some of the functionalities available within the Platform.

§ 9
Additional information

1. Users who register with the Platform are required to provide Personal Data necessary to create and operate a User account. A User may provide additional data, thereby giving their consent to the processing thereof. Such data can be deleted at any time. Providing data marked as obligatory is required to create and operate an account, and the failure to do so renders the creation of an account impossible. The provision of other data is voluntary.
2. Users who purchase a product or service provided by the Controller are obliged to provide Personal Data necessary to accept and process the User’s order. The User may provide additional data, thereby giving their consent to the processing thereof. Such data can be deleted at any time. Providing data marked as obligatory is required for accepting and servicing the order, and the failure to do so renders the processing of the order impossible. The provision of other data is voluntary.
3. Users who use the electronic contact form placed on the Platform are obliged to provide Personal Data necessary for communication, identification and responding to the User’s enquiry via the Platform. The User may provide additional data, thereby consenting to the processing thereof. Such data can be deleted at any time. Providing data marked as obligatory is required for communication, identification and responding to the User’s enquiry, and the failure to do so renders the handling of the enquiry impossible. The provision of other data is voluntary.
4. Users who subscribe to the newsletter are required to provide the Personal Data necessary to provide the newsletter service. The User may provide additional data, thereby consenting to the processing thereof. Such data can be deleted at any time. Provision of data marked as obligatory is required in order to provide the newsletter service, and the failure to do so makes it impossible for the newsletter to be sent. The provision of other data is voluntary.
5. Users who make use of the information and training services provided by the Controller are obliged to provide Personal Data necessary for the organisation and implementation of the information and training services. The User can provide additional data, thereby giving their consent to the processing thereof. Such data can be deleted at any time. The provision of data marked as obligatory is required in order to organise and provide information and training services, and the failure to do so makes it impossible for the User to use the information and training services provided by the Controller. The provision of other data is voluntary

§ 10
Amendments to the Privacy Policy

The policy is kept under review and updated as necessary.

ANNEX NO. 1
TO THE PRIVACY POLICY OF BRAF.TECH SP. Z O.O. WITH REGISTERED OFFICE IN STANIĄTKI

A list of web portals and websites operated by braf.tech spółka z ograniczoną odpowiedzialnością with its registered office in Staniątki:

1. https://braf.tech
2. https://www.whiblo.pl

‹ › ×

PRIVACY POLICY INFORMATION ON THE PERSONAL DATA CONTROLLER AND THE RULES FOR PROCESSING PERSONAL DATA

§ 1 Definitions

§ 2 Purposes and basis of processing

§ 3 Data processing period

§ 4 Recipients of the data

§ 5 Rights of the User

§ 6 Contact and exercise of rights

§ 7 Automated decision-making and profiling

§ 8 Cookies

§ 9 Additional information

§ 10 Amendments to the Privacy Policy

ANNEX NO. 1 TO THE PRIVACY POLICY OF BRAF.TECH SP. Z O.O. WITH REGISTERED OFFICE IN STANIĄTKI

Any questions? Contact us!