Privacy Policy

1. Personal data administrator

The administrator of personal data is Greensearch z ograniczoną odpowiedzialnością with its registered office in Radom 26-600 at ul. Kazimierza Pułaskiego 6/10, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0001144714, NIP 7963033623, REGON 54042805600000.

The administrator has not appointed a data protection officer.

In matters relating to the processing of personal data, the User may contact the Administrator as follows:

3. Methods of transferring personal data

The user may provide their personal data to the Administrator by sending an email to the address provided on the Website, filling out the contact form, or contacting us by phone.

When contacting us via email, the User provides the Administrator with their first and last name, telephone number, and email address as the sender of the message. In addition, other personal data may also be included in the content of the message. The legal basis for the processing of the User's personal data in this case is the consent resulting from initiating contact with the Administrator. The User's personal data provided in the course of email contact is processed solely for the purpose of handling the inquiry. The content of the correspondence may be archived in accordance with the provider's server security policy.

4. Basis and purpose of processing of the User's personal data by the Administrator

The legal basis for the processing of personal data is provided by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L, No. 119, item 1, as amended, hereinafter referred to as "GDPR") and the Act of May 10, 2018, on the protection of personal data (consolidated text Journal of Laws of 2019, item 1781, as amended, hereinafter referred to as "u.o.d.d.").

The Administrator will process the entrusted data for the following purposes:

• performance of contracts concluded with the User or taking action prior to the conclusion of such a contract, as well as to respond to questions submitted to the Administrator in person, by post, by email, or via the form on the Administrator's website, including sending information about the launch of the platform by the Administrator or as part of the Administrator's newsletter, to which the User voluntarily subscribes (Article 6(1)(b) of the GDPR),
• fulfilling the legal obligations incumbent on the Administrator pursuant to Article 6(1)(c) of the GDPR, resulting from EU or Polish law;
• on the basis of a legitimate interest pursued by the Controller (Article 6(1)(f) of the GDPR), which the Administrator considers to include, in particular: investigation and defense against claims, fraud prevention, ensuring ICT security, archival purposes, provision of services to the User in situations where the User's interests override the interests, rights, and freedoms of the data subjects;
• telephone or email contact related to the services provided and business activities, including the performance of contracts and providing information about services (legal basis: Article 6(1)(f) of the GDPR).

5. Period of personal data processing

The Administrator processes personal data for the period necessary to achieve legitimate purposes. If the basis for data processing is the User's consent, the Administrator will cease processing the User's personal data immediately after the User withdraws their consent. In the case of personal data that the Administrator processes in connection with the performance of contracts, such data will be processed until the expiry of the limitation periods for any claims. In each of the above cases, this will last no longer than 6 years.

6. Categories of data recipients

The User's personal data may be made available to third parties in connection with the provision of services to the User by the Administrator and to entities with which the Administrator cooperates, in particular associates and service providers, including IT and accounting services. These service providers will process the data solely on the basis of data processing agreements concluded with the Administrator, for the purpose specified by the Administrator, with the obligation to secure the data properly. To the extent required by law, the User's personal data may be transferred to public administration bodies upon their prior request. The User's personal data is not transferred to countries outside the European Union or the European Economic Area.

The administrator does not trade in personal data.

7. No profiling

The User's personal data is not subject to profiling as a form of automated personal data processing.

8. Rights related to the processing of personal data

The user has the following rights related to the processing of personal data:

• the right to access your data and receive a copy of it;
• the right to rectify (correct) or supplement your data;
• the right to erasure of personal data, unless the processing is necessary for compliance with a legal obligation or in the exercise of public authority, or is necessary for the establishment, exercise, or defense of legal claims; the right to restriction of processing;
• the right to transfer personal data that has been provided to the Controller, i.e., the right to receive it in a structured, commonly used format and to send it to another controller. This right may only be exercised in cases where processing is based on consent or a contract and is fully automated;
• the right to object, provided that the processing is carried out for purposes arising from legitimate interests pursued by the controller or a third party, pursuant to Article 6(1)(f) of the GDPR;
• the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (at the address of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw);
• To the extent that the basis for the processing of personal data is consent given under the provisions of the GDPR, the User has the right to withdraw such consent. Withdrawal of consent does not affect the processing that took place before its withdrawal.

9. Voluntary provision of personal data

With regard to the processing of personal data for the purpose of fulfilling the legal obligations incumbent on the Personal Data Controller pursuant to Article 6(1)(c) of the GDPR, resulting from Union or Polish law, the obligation for the User to provide their data is a statutory requirement. In the case of data processing for the purpose of concluding or performing contracts (Article 6(1)(b) of the GDPR) on the basis of a legitimate interest pursued by the Data Controller or a third party (Article 6(1)(f)) or for the purpose of telephone or e-mail contact related to the services provided and the activities carried out, including the performance of contracts, providing information about services (legal basis: Article 6(1)(f) of the GDPR) – the provision of personal data by the User is voluntary. However, refusal to provide personal data may, depending on the context in which the data is processed, prevent the Administrator from concluding a contract with the User, affect the scope of services that the Administrator will be able to provide to the User, or prevent the Administrator from contacting the User, in particular with regard to providing information about the Administrator's products and services.

Cookies

1. Cookies are divided into "persistent" and "session" cookies. A persistent cookie consists of a text file sent by the server to the browser, which will be stored by the browser until a specified expiration date (unless the user deletes it before that date). A session cookie, on the other hand, is a temporary file that expires at the end of the user's current session when the browser is closed.
   The Website uses session cookies. The table below lists the cookies used on the Website.

4. The Administrator hereby informs the User that it is possible to configure the web browser in such a way that it prevents the storage of cookies on the User's end device. In such a situation, the User's use of the Website may be difficult.
5. The Administrator hereby indicates that cookies may be deleted by the User after they have been saved by the Administrator, using the appropriate functions of the web browser, programs designed for this purpose, or using the appropriate tools available within the operating system used by the User.