Privacy

General provisions

This Privacy and Cookie Policy defines the rules of processing personal data obtained through the VOXES Web Portal.

This Privacy and Cookie Policy is for information purposes only, which means that it is not a source of obligations for the Users of the Web Portal. The User of the Web Portal shall mean any person who uses the Website. The Privacy and Cookie Policy sets out, first of all, the rules concerning the processing of personal data by the Controller in the Web Portal, including the basis, purposes and scope of personal data processing and the rights of the data subjects, as well as information on the use of cookies and analytical tools in the Web Portal.

The personal data controller within the meaning of regulations on personal data protection is Patryk Gułaś who conducts business activity entered in the Central Register and Information on Economic Activity (CEIDG) kept by the minister in charge of economy, under the following business name: Indefio Patryk Gułaś with registered office in Łęczna (21-010), ul. Spacerowa 1/38, NIP: 5050127076, REGON 368843058, e-mail address:help@voxes.io (hereinafter: „Controller”).

The legal basis for the processing of personal data by the Controller is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter “the Regulation”. Official text of the Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

The Controller takes special care to respect the privacy of the Users visiting the Web Portal.

The Controller guarantees the confidentiality of any personal data provided and ensures that all security and personal data protection measures required by the regulations on personal data protection are taken. Personal data is collected with due diligence and properly protected from access by unauthorised persons.

The Controller does not make decisions in individual cases in an automated manner and does not resort to User profiling.

The Controller does not collect or process sensitive data, referred to in the Regulation as "special categories of personal data", nor does he intend to collect or process data of minors under the age of 16.

User’s rights

You have the following rights arising from the processing of your personal data:

the right to request access to one's own personal data – the User has the right to obtain confirmation whether the Controller is processing his or her personal data and, if so, to obtain access to the data and to receive information on such data, e.g. the purpose of processing, categories of data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the planned period of storage of personal data or the criteria for determining that period; the above right also includes the right to receive a copy of the data free of charge (for any subsequent copies requested by the User, the Controller may charge a reasonable fee resulting from the administrative costs),

the right to rectify personal data (if they are incorrect), which also includes requesting that incomplete personal data be completed,

the right to erase personal data (“the right to be forgotten”), in the following circumstances: when the User's personal data are no longer necessary for the purposes for which they were collected, the User has withdrawn his or her consent to their processing and there is no other basis for data processing, the User has raised an objection to the processing, personal data were processed illegally, personal data must be erased in order to fulfil the legal obligation provided for in the Union law or the law of the Member State to which the Controller is subject, personal data were collected in connection with offering information society services,

the right to restrict data processing in the following cases: the User contests the correctness of the personal data (for a period allowing the Controller to verify the correctness of the data); the processing is illegal and the User objects to the erasure of the data; the Controller no longer needs the personal data for the purposes of processing, but the User still needs them to establish, assert or defend claims; the User has objected to the processing – until it is determined whether legally justified grounds on the part of the Controller take precedence over the grounds for the User's objection

the right to object to the processing,

the right to transfer the data, including the right to receive from the Controller in a structured, commonly used machine-readable format the personal data provided by the User, including the right to demand that the personal data be sent by the Controller directly to another Controller (if technically feasible),

the right to withdraw consent to data processing at any time (withdrawal of consent, however, shall not affect the lawfulness of the processing carried out on the basis of consent given before its withdrawal),

the right to lodge a complaint with the President of the Office for Personal Data Protection, if the User considers that the processing of personal data violates the provisions of the Regulation.

In case of any questions related to the processing of personal data and in order to exercise the above rights, please contact the Controller via e-mail sent to help@voxes.io.

Sharing of data

In order to ensure the proper functioning of the Web Portal, it is necessary for the Controller to use the services of external entities. The Controller shall only use the services of such processors who provide sufficient guarantees for the implementation of appropriate technical and organisational measures so that the processing will meet the requirements of the Regulation and protect the rights of the data subjects.

The Controller hereby informs the User that he entrusts the processing of personal data to the following entities:

entities processing electronic or card payments – in the case of Users who use electronic or card payment methods in the Web Portal, the Controller makes the collected User's personal data available to a selected entity processing such payments in the Web Portal upon the Controller's order to the extent necessary to process the payment made by the User (stripe.com)

providers of accounting, legal and advisory services (in particular accounting offices, law firms, debt collection companies) – the Controller makes the collected personal data of the User available to a selected provider acting at the Controller’s order only if and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy,

service providers delivering technical, IT and organisational solutions to the Controller (in particular computer software providers to run the Web Portal, e-mail and hosting providers and providers of company-management software and technical assistance to the Controller) – mydevil.net, Google Analytics, hotjar.com, sentry.com, mongodb.com.

The Collector makes the collected personal data of the User available to a selected provider acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

All entities to whom the Controller entrusts the processing of personal data shall guarantee the application of appropriate personal data protection and security measures required by law.

The Controller shall not transfer personal data to third countries or international organisations.

The Controller may be required to provide information collected by a Party to authorised authorities on the basis of lawful requests to the extent resulting from the request.

Processing purposes, storage period and scope of data

The purpose of data processing: registration of the User’s Account and use of the Website.

Legal basis: Article 6(1)(a) of the Regulation

Storage period: until the User revokes his or her consent or, after such consent is revoked, for a period of time corresponding to the statute of limitations for claims that may be made by the Controller and that may be made against him.

Scope of data: e-mail address, account password set up by the User [obligatory data] + name, surname; e-mail address, avatar, company name, information on related categories, posts, votes; mouse clicks and movements [additional data] through Hotjar.

The consequence of failure to provide the above data will be the inability to use the User's account.

The above data shall be provided for the following purposes:

 a. enable provision of the service by electronic means and full use of the Web Portal or to solve technical problems;

 b. ensure the management of the User Account and its functionality;

 c. processing requests, including complaints received via the contact form or by letter;

 d. notifying and contacting the User with regard to the service provided.

2. Purpose of processing: contacting the Controller via e-mail

Legal basis: Article 6(1)(a) of the Regulation

Storage period: until the User revokes his or her consent or, after such consent is revoked, for a period of time corresponding to the statute of limitations for claims that may be made by the Controller and that may be made against him.

Scope of data: name, surname, e-mail address + data voluntarily entered by the User in the message.

The consequence of failure to provide the above data will be that the Controller cannot be contacted by e-mail.

3. Purpose of processing: maintaining accounting books.

Legal basis: Article 6(1)(c) of the Regulation in connection with Article 86 § 1 of the Tax Ordinance, consolidated text of 17 January 2017 (Journal of Laws of 2017, item 201) or Article 74(2) of the Accounting Act, consolidated text of 30 January 2018 (Journal of Laws of 2018, item 395)

Storage period: The data shall be stored for the period provided for in the law requiring the Controller to keep the tax books (until the lapse of the limitation period for tax liabilities, unless the tax laws provide otherwise) or accounting books (5 years from the beginning of the year following the financial year covered by the data).

Data range: Name and surname; e-mail address; address of residence/business/seat, company name and the User’s tax identification number (NIP)

4. Purpose of processing: to establish, assert or defend claims which the Controller may raise or which may be raised against the Controller

Legal basis: Article 6(1)(f) of the Regulation

Storage period: The data shall be stored for the period of existence of a legitimate interest pursued by the Controller, but not longer than for the period of limitation of claims against the data subject on account of the Controller's business activity. The limitation period shall be determined by the provisions of the Civil Code (the basic limitation period for claims related to business activity is three years, and two years for a sales contract).

Data range: Name, surname; e-mail address. In the case of Users who are not consumers, the Controller may additionally process the User's company name and tax identification number (NIP).

In the event where any website, mobile application or online service is used, some information is automatically generated and recorded (this results from the general principles of online connections). Such information include:

 a. data of the User’s device (e.g. type and version of the web browser and its “user agent”, type of device: a computer, a mobile device, e.g. a smartphone)

 b. other technical data (“operational data”), resulting from logging in, activity or log files (information recorded by servers, including data sent automatically by the User’s web browser or mobile app). This is information typically collected by website administrators (it defines the manner of use of services provided electronically or the collection of general, statistical information).

Cookies

The website uses cookies, i.e. small text files stored on the User's end device (computer, tablet, smartphone), which can be read by the Controller's ICT system.

On the first visit to the website, the User is shown information on the use of cookies and asked for permission to use them. The User may change the settings applicable to cookies in his web browser or delete cookies altogether. Please note that disabling cookies may cause difficulties in using the website.

The Controller uses cookies to ensure the proper functioning of the website.

The website uses functions provided by third parties, which entails the use of cookies from such parties.

Cookies are used to: identify Users as logged in to the Web Portal and show that they are logged in; remember data from filled-in forms or Web Portal logging-in data; customise the content of the Web Portal's website to the User's preferences; keep statistics tracking the patterns of usage of the Web Portal's website.

Web browser settings pertaining to cookies are relevant as regards the User’s consent to the use of cookies by the Website – under the laws in force such consent may be also granted by means of web browser settings. If consent is not given, web browser settings for cookies must be changed accordingly.

Server logs

Using the Website means that queries will be sent to the server on which the Website is stored. Each query directed to the server is saved in the server's logs.

The information stored in logs includes the User's IP address, server date and time, information about the User’s web browser and the operating system. Logs are saved and stored on the server.

The data saved in the server logs are not associated with any specific persons using the Website and are not used by the Controller to identify the User.

Such data are used exclusively for server administration purposes. Server logs serve only as auxiliary material used to administer the website, and their content is not disclosed to anyone except persons authorised to administer the server.

We use cookies to deliver our services with the best user experience. By using this website you agree to our Privacy Policy.