1. The administrator of personal data collected by means of HITME LTD, registration no. 14428102 in United Kingdom, e-mail address: firstname.lastname@example.org hereinafter referred to as the “Administrator” and who is also the “Service Provider.”
2. Personal data collected by the Administrator by means of the website shall be processed in accordance with the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons in relation to the processing of personal data and free flow of such data and revocation of Directive 95/46/EC (general regulation on data protection) hereinafter referred to as RODO.
TYPE OF PERSONAL DATA PROCESSED, PURPOSE
AND SCOPE OF DATA COLLECTION
1. PURPOSE OF PROCESSING AND LEGAL BASIS . The Administrator shall process HitMe Users’ personal data in the event of:
a) a registration of an Account on the Website, in order to create and manage an individual account by virtue of sec. 6(1)(b) of RODO (performance of a contract for the provision of electronically supplied services under the Regulations of the Website),
b) a purchase of Subscription in order to access paid content of the Website. Personal data are processed by virtue of sec. 6(1)(b) of RODO (performance of a contract for the provision of electronically supplied services under the Regulations of the Website).
2. TYPE OF DATA PROCESSED. In the event of:
a) Account, the User shall provide:
- e-mail address and
- IP address;
b) Subscription, the User shall provide:
- first name and surname,
- address of residence,
- Tax Identification Number,
- e-mail address and
- IP address.
3. TIME PERIOD OF PERSONAL DATA ARCHIVING. Users’ personal data shall be archived by the Administrator:
a) in the event that the grounds for data processing shall be the performance of a contract – as long as it is required to perform the contract and after this time throughout the time period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period shall amount to six years, and in the case of claims for periodical performances and claims related to business activity – three years;
b) in the event that the grounds for data processing shall be consent – as long as the consent is not withdrawn and after the withdrawal thereof throughout the period corresponding to the limitation period of claims that the Administrator may pursue and claims that may be pursued against the Administrator. Unless a special provision provides otherwise, the limitation period shall amount to six years, and in the case of claims for periodically performances and claims related to business activity – three years.
4. While using the Website additional information may be collected including but not limited to: an IP address ascribed to the User’s computer or an external IP address of the Internet supplier, domain name, type of a browser, access time and operational system type.
5. Positioning data may also be collected from Users including information on links which they decide to click on or other acts performed on the Website. The legal grounds for such acts shall be a justified legal interest of the Administrator (sec. 6(1)(f) of RODO) consisting in facilitating the use of the electronically supplied services and improving the functionality thereof.
6. Providing personal data by the User shall be voluntary.
7. Personal data shall also be processed in an automated way in the form of profiling if the User gives its consent thereto under sec. 6(1)(a) of RODO. The result of the above shall be that a given person has a profile assigned in order to make decisions or analyses related thereto or predict such person’s preferences, behaviour and attitude.
8. The Administrator acts with due care and diligence in order to protect the interests of data subjects and in particular it ensures that the data it collects shall be:
a) processed in accordance with the law,
b) collected for defined lawful purposes and not subject to further processing non-compliant with these purposes, and
c) substantially correct and in agreement with the purposes for which they are processed and stored in the form enabling the identification of data subjects no longer than it is required to achieve the purpose of processing.
TRANSFER OF PERSONAL DATA
1. Users’ personal data are transferred to the suppliers of services used by the Administrator when operating the Website including but not limited to:
a) system payment suppliers,
b) accounting office,
c) hosting providers,
d) suppliers of software enabling business activity (e.g. accounting software),
e) entities providing a mailing system, and
f) suppliers of the software required to operate a website.
2. Service suppliers who have personal data transferred upon depending on the contractual provisions and circumstances shall either be subject to the Administrator’s orders with respect to purposes and ways of data processing (processing entities) or individually determine such purposes and ways of data processing (administrators).
3. Users’ personal data shall be stored both on the territory of the European Economic Area (EEA) and beyond i.e. on the territory of the United States (the USA). Google Inc. with its registered seat in the USA shall be the entity to which personal data are transferred in order to distribute e-mails. The User entering personal data to its Account shall acknowledge that any correspondence sent by means of its Account shall be sent by means of SMTP GOOGLE.
RIGHT TO CONTROL, ACCESS AND CORRECT PERSONAL DATA
1. Data subjects shall have the right to access, correct and delete their own personal data as well as to restrict the processing thereof, have the right to transfer the data, raise an objection, withdraw consent at any time with no effect on the compliance with the right to process which was exercised by virtue of the consent granted prior to its withdrawal.
2. Legal grounds for the User’s request:
a) Access to data – sec. 15 of RODO,
b) Correction of data – sec. 16 of RODO,
c) Deletion of data (the so-called right to be forgotten) – sec. 17 of RODO,
d) Restriction of processing – sec. 18 of RODO,
e) Transfer of data – sec. 20 of RODO,
f) Objection – sec. 21 of RODO, and
g) Withdrawal of consent – sec. 7(3) of RODO.
3. In order to exercise the rights referred to under 4(2) hereinabove an appropriate e-mail message may be sent at: email@example.com .
4. In the event that the User exercises the right by virtue of the above rights the Administrator shall fulfil or refuse to fulfil the request immediately but no later than within a month of receiving the request. If, however, in view of the complex nature of the request or its number the Administrator is not able to fulfil the request within a month, it shall fulfil it within the next two months notifying the User in advance within a month of receiving the request of the intention to prolong the time limit and the reasons therefor.
5. In the event of breach of the provisions of RODO, the data subject shall have the right to file a complaint with the Head of the Office of Personal Data Protection.
2. The installation of cookies shall be necessary to properly provide services on the Website. Cookies contain information requisite for the proper operation of the website as well as enable the study of general website visit statistics.
3. The website uses two types of cookies: session and persistent.
a) Session cookies are temporary files stored in the User’s terminal equipment until the User logs out (leaves the website), and
b) Persistent cookies are stored in the User’s terminal equipment for the time specified in cookies parameters or until they are deleted by the User.
4. The Administrator shall use its own cookies in order to increase understanding of the way of the interaction between Users with respect to the content of the website. The files gather information on the way of using the website by the User, type of a website from which the User was directed and the number of visits and visit time of the User on the website. This information does not register User’s specific personal data but serves to study website use statistics.
5. The Administrator shall use external cookies in order to collect general and anonymous statistical data by means of analytical tools i.e. Google Analytics (external cookies administrator: Google Inc. with its registered seat in the USA).
6. The User shall have the right to decide with respect to cookies access to its computer by choosing cookies beforehand in the browser window. Detailed information on the possibility and ways of using cookies are available in the software (Internet browser) settings.
ADDITIONAL SERVICES RELATED TO THE USER’S ACTIVITY ON THE WEBSITE
1. The Website shall use the so-called social plugins of social networking sites. Upon visiting HitMe, which contains such a plugin, the User’s browser will connect directly to Facebook, Instagram, Pinterest, Twitter and YouTube servers.
2. The plugin content shall be transferred by a given service provider directly to the User’s browser and integrated with the website. Thanks to such integration service suppliers receive information that the User’s browser displayed HitMe regardless of whether the User has a profile with a given service supplier or is currently logged in. Such information (together with the User’s IP address) shall be sent by the browser directly to the server of a given service supplier (some servers are located in the USA) where it is stored.
3. If the User logs into one of the above social networking sites, the service supplier will be able to directly assign a visit to HitMe to the User’s profile on a given social networking site.
4. If the User uses a given plugin e.g. by clicking on “Like it” or “Share,” appropriate information shall also be sent directly to the server of a given supplier where it is stored.
6. If the User does not want social networking sites to assign the data collected during visits to HitMe directly to its profile on a given website, the User has to log out of such website prior to a visit to HitMe. The User may also fully prevent the loading of plugins on the website using appropriate extensions for the browser, e.g. blocking scripts by means of “No script.”
1. The Administrator shall use technical and organisational means which ensure personal data protection suitable to the threats and data category under protection and in particular it shall secure data against their disclosure to unauthorised persons, seizure by an unauthorised person, processing in breach of applicable provisions as well as amendment, loss, damage or destruction.
2. The Administrator shall give access to appropriate technical means which prevent unauthorised persons from gaining access to and modifying electronically sent personal data.
3. To matters not regulated herein the provisions of RODO and other competent EU law provisions shall apply.