The Controller of the personal data collected in accordance with this Policy is Data Hiro Sp. z o.o. with its registered office at  ul. PIASTOWSKA 12, 55-100 Trzebnica, registered in the National Court Register kept by the District Court Wrocław-Fabryczna in Wrocław, VI Economic Department of the National Court Register, under the number 0000783427, with the share capital of PLN 45000.00, fully paid up, with the NIP number: 9151813013. Contact information at e-mail:-contact@datahiro.com.

Data Hiro makes every effort to ensure that Personal Data are processed in accordance with applicable laws and regulations and are protected from loss, destruction, disclosure, unauthorized access or misuse. Data Hiro guarantees the confidentiality of any data provided to it, by taking effective security measures of safety and protection of Personal Data. Where there is a suspicion that your Personal Data are not adequately secured or if there is evidence of abuse, please contact us at the e-mail address indicated in §1.

1.In each case, the purpose, scope and recipients of the Personal Data processed by Data Hiro result from the User’s consent or the law, and are further specified as a result of the actions taken by the User on the Website or through other channels of communication with the User.

2. Possible purposes for the collection and processing of Users’ Personal Data by Data Hiro:
 

a. conclusion and execution of the service agreement and receiving and processing of complaints:

i. The main purpose of Data Hiro’s processing of Personal Data and other information is to provide services to Users, maintain the Website, and ensure safe and guaranteed service performance.

ii. In addition to the data marked “mandatory”, the provision of other data is voluntary.

iii. The legal basis for the processing shall be Article 6(1b) of GDPR (necessary for the performance of the agreement for the provision of services by electronic means).

b. securing of claims

i. For the purpose of establishing, pursuing and enforcing of claims, Data Hiro may process certain Personal Data provided by the User, in particular name and surname, contact data (e-mail address, telephone number), data on the use of services/Website and other data that will be necessary to prove the existence of a claim, its enforcement and defense against claims in proceedings before courts and other state bodies.

ii. The legal basis for data processing is Article 6(1f) of GDPR, i.e. Data Hiro’s legitimate interest. Data in this regard are processed for the statutory period of limitation of claims.

iii. However, the processing of data shall only include storage of the data to the exclusion of any other operations on the data, subject to different obligations of Data Hiro indicated in the applicable regulations or imposed on Data Hiro by authorized bodies.

c. creation of statistics on the use of the Website, profiling:

i. Data Hiro monitors the quality of its services because it is committed to meeting Users’ expectations. For this purpose, statistics are kept on the use of individual functions and sub-sites of the Website with use of the internal analytical tools, and statistical tools provided by partners providing analytical services.

ii. The User of the Website may agree to process the Personal Data provided by him/her for the purpose of advertising, market research as well as for studies of the behavior and preferences of Users, with the results of such research being used to improve the quality of services provided by the Website. Lack of consent does not affect the rights and obligations of the User.

iii. In order to realize this purpose, data on the User’s activity on the Website (e.g. sites and sub-sites of the Website visited by the User, the amount of time spent on the Website, the User’s IP address, location, device ID and data on the browser and operating system used by the User) are processed.

iv. The Controller, in order to develop the services it offers, may use profiling in some cases. Profiling means automated data processing, which involves the use of User’s data to evaluate selected factors specific to the User in order to analyze the User’s behavior or to make a forecast for the future. This allows the Controller to better tailor the services it offers to the individual preferences and interests of the User.

v. Thanks to this technology, the Controller can not only present the User with advertising tailored to the User, but also, from among the available offers, present primarily those that will best suit the User’s needs. The information collected and contained in cookies may be stored after the end of the browser session which allows, for example, their use during the User’s next visit. The legal basis for data processing is Article 6(1a) of GDPR, i.e. the User’s consent.

d. Marketing:

i. The Controller processes Users’ Personal Data in order to carry out marketing activities, which may include:

-displaying marketing content to the User that corresponds to the User’s interests (behavioral advertising);
-carrying out other types of analytical and statistical activities and activities related to direct marketing of services (sending commercial information by electronic means, and telemarketing activities);

ii. Detailed legal grounds for processing data for marketing activities are indicated in the section on Cookies.

e. Newsletter:

i. The User may give the Controller permission to process his/her Personal Data in the form of an e-mail address and telephone number for the purpose of direct marketing of the Controller’s services, during and after the provision of the services. Giving consent to data processing is voluntary.

ii. The User may give the Controller permission to process his/her Personal Data in the form of an e-mail address and telephone number for the purpose of direct marketing of the Controller’s services, during and after the provision of the services. Giving consent to data processing is voluntary.

iii. Providing Personal Data is necessary for the User to use the Newsletter service. Failure to provide data will result in the User’s inability to use the Newsletter service.

iv. The User may cancel the Newsletter service at any time by revoking his/her consent. For this purpose, it is sufficient to send information to the contact (e.g. e-mail) listed in paragraph X, clause 2 of the Policy.

v. The legal basis for the provision of the Newsletter mailing service is that the processing is necessary for the performance of the agreement (Article 6(1b) of GDPR). In the scope of data provided optionally, the legal basis for processing is consent (Article 6(1a) of GDPR), and in the case of directing marketing content to the User via the Newsletter it is the legitimate interest of the Controller (Article 6(1f) of GDPR), in connection with the User’s consent to receive the Newsletter.

f. Communication:

i. The Controller may communicate with the User by an e-mail, messages in social media channels, by phone or classically through letters and packages.

ii. The User may at any time contact the Controller directly by sending an appropriate message in writing, by an e-mail to the Controller’s address indicated in paragraph I of the Policy, and by telephone contact at the telephone number indicated at the beginning of the Policy.

iii. The Controller stores correspondence with the User for statistical purposes and for the best and fastest possible response to emerging inquiries, as well as for the resolution of complaints, and in order to take possible decisions on administrative interventions made on the basis of notifications in the indicated account. Addresses and data thus collected shall not be used to communicate with the User for any purpose other than the execution of the application.

iv. When the User contacts the Controller to perform a given action (e.g., filing a complaint), the Controller may again ask the User to provide data, including personal data, e.g., in the form of name, surname, e-mail address, etc., in order to confirm the User’s identity and to contact back with the User on the respective matter. The above applies to the same data, including personal data, which were previously provided by the User, and to the processing as to which the Customer has consented. Provision of this data is not mandatory but may be necessary to perform an action or obtain information of interest to the User.