Be aware that on the relevant legal acts, our Protection Policy, as well as in other documents that we may apply while processing data, there are a number of concepts important to the protection of your rights.
By processing of your personal data we understand the following key concepts as follows:
PROCESSING OF DATA – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Processing of data involves in particular: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data;
THE BASIS OF DATA PROCESSING – legally defined grounds for the processing of personal data by us. In principle, we process your data on the basis of your consent, or because we need it to provide you with the website.
It may happen that we would be forced by law to transfer your personal data to public services – yet we always remain committed to act in accordance with the law. We are allowed to use your data to develop Your Extended Team through, for example, customer profile analysis, preparation of marketing strategies. In this case, the basis for the processing of your data are our legitimate business interests – the possibility to make market analysis, advertising, implementation of sales strategies, etc. as it remains a part of the fundamental right of economic freedom and the freedom to conduct a business. Nevertheless, we renounce such processing which would excessively interfere your rights and freedoms. In the case of EU citizens, the legal grounds for data processing of personal data are explicitly set forth in the GDPR. In that case, depending on the circumstances that would be the following:
1) Article 6(1)(a) of GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
2) Article 6(1)(b) of GDPR – processing is necessary for the performance of the agreement to which the data subject is party or in order to take steps at the request of the data subject prior to entering into the agreement;
3) Article 6(1)(c) of GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject;
4) Article 6(1)(f) of GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
REASONS AND TYPES OF DATA
In our organization, we process variety of data and different categories of personal data – all for specific purposes. If we ask you for consent to process information, we inform you about the processing principles. Please do not hesitate to familiarize yourself with them carefully.
Please remember that your consent is always voluntary and you can withdraw your consent at any time without stating any reason. Please note, however, that occasionally it may turn out to be impossible to provide you with services as it might not be possible without your personal data. Therefore, you are kindly asked to fully consider whether you consciously would like to authorize us to process your personal data.
By using Your Extended Team website, you consent to the processing of your personal data for the purpose of providing services by us.
In the case of our website we collect and process the following data for the purposes indicated below:
SOURCE OF DATA: Website contact form, any other communications between us
TYPE OF DATA: required: name, surname, e-mail address; optional: telephone number
PURPOSE: communications with you, negotiations of contracts, presentation of our offers and services, handling your requests
SOURCE OF DATA: any agreement between you and Your Extended Team
TYPE OF DATA: name and surname (if applicable), business name, contact address, email address, tax ID
PURPOSE: execution and performance of an agreement
SOURCE OF DATA: data collected during the use of website
TYPE OF DATA: IP address, number of pages visited at the website, time spent on particular pages, any server requests, cursor position
PURPOSE: analytical purposes
SOURCE OF DATA: cookies files (please see the information below)
TYPE OF DATA: identity of website
PURPOSE: user identification, authentication and authorization during the session
BASIC PRINCIPLES OF PERSONAL DATA PROTECTION
Processing of your personal data may each time look different, depending on what data we process, for what purpose, by what means, on what legal basis, etc. In each case, however, we are guided by a few fundamental values and principles:
I. LAWFULNESS – we always process your data in accordance with the applicable law;
II. RELIABILITY – we process your data reliably, in the organized and thoughtful manner;
III. TRANSPARENCY – we are committed to make the data processing processes transparent;
IV. PURPOSEFULNESS – we always collect and process data for a specific legal purpose or purposes; we do not collect data unnecessarily;
V. ADEQUACY – we process data adequate to the purposes for which we do it; we limit the processing of data to what is necessary to achieve a specific purpose beyond which we do not cross;
VI. CORECTNESS – we take reasonable care to process only personal data which are correct and up-to-date;
VII. LIMITATION OF STORAGE – in accordance with the GDPR, storage in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; we store personal data no longer than reasonably needed;
VIII. INTEGRITY AND CONFIDENTIALITY – we process personal data in the manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. We use appropriate technical or organizational measures;
IX. ACCOUNTABILITY – the controller of your data is responsible for compliance with the rules listed above. We keep records of how we process your personal data in order demonstrate that, if necessary.
INFORMATION ON YOUR RIGHTS (GDPR)
The GDPR regulation confer persons from the European Union with a number of rights that they can use while we process their personal data. If you are the person from the EU or EEA you are vested in with the following rights:
(a) the right to access and receive copies of your data. You have the right to receive from us one copy of your personal data, which we process, and another – for a fee;
(b) the right to rectify (to amend) your personal data;
(c) the right to erase data. If you think there are no grounds for us to process your data further and you are right, you can demand erasure;
(d) limitations on data processing. If you think that we have inaccurate data about you, and you do not request to erase these data, you can demand that we limit ourselves only to store this data, or to other undertake other activities that we would agree with you;
(e) the right to object to the processing of personal data;
(f) the right to data portability;
(g) if we process your data on the basis of your consent, you have the right to withdraw your consent for processing at any time without giving any reason. This does not affect the legality of the previous processing;
(h) the right to complain to the appropriate supervisory authority for our actions.
In order to exercise your rights, you must first let us know. As a first step you are kindly requested to contact in a convenient way for you with the Your Extended Team – the controller of your personal data. To facilitate this process, we have prepared a form of your request (or statement) that you can use to communicate with us – you will find this form at the very end of this Data Protection Policy.
Regardless of how, when and in what form you would like to contact Your Extended Team in matters relating to your privacy, please do not hesitate to read the following information, containing the rules for handling inquiries from people from the European Union resulting from the provisions of the GDPR, which we would use:
Information shall be provided in writing or otherwise, including, where appropriate, electronically. In case of explicit request of the data subject, the information shall be given orally, provided that the identity of the data subject is confirmed by other means. The controller shall refuse to request if the identification of the data subject is not possible. The controller without undue delay – and in any case within one month from receipt of the request – provides the data subject with the information on actions taken in conjunction with the request. If necessary, this period may be extended by another two months due to the complex nature of the request or the number of requests. Within one month from the receipt of the request, the controller shall inform the data subject about such extension, stating the reasons for the delay. If the data subject has forwarded his request electronically, if possible, the information is also transmitted electronically, unless the data subject requests a different form. If the controller fails to take action in relation to the request of the data subject, the controller shall immediately – no later than within one month from the receipt of the request – inform the data subject of the reasons for failure to take action and the possibility of lodging a complaint to the supervisory authority and to exercise available legal remedies before the court. Information provided by the controller as well as communication and actions taken in conjunction with handling requests are free of charge. If the data subjects’ requests are manifestly unjustified or excessive, in particular, because of their continuing nature, the controller shall charge a reasonable fee, including administrative costs of providing information, communication or undertaking specific actions, or refusing to take actions in relation to the request. If the controller has reasonable doubts regarding the identity of the natural person submitting the request, the additional information necessary to confirm the identity of the data subject shall be requested.
INFORMATION ON YOUR RIGHTS (PERSONS FROM OUTSIDE OF THE EU AND THE EEA)
We would like to look after the security of all our Clients and website visitors. If the provisions of GDPR do not apply to you, you can still request that your personal data to be rectified if they are incorrect; to abandon processing them – if there is no grounds for it; to amend personal data – if they are changed. Should you like to amend anything or you simply wish to find out more, please do not hesitate to contact Rite NRG.
PROCESSING OF PERSONAL DATA BELONGING TO CHILDREN
Our website is designed and reserved for adults only. It is the law of the country you are a citizen of which determines if you are an adult. Usually, depending on the country you are the citizen of, you must be at least 18 or 21 years old in order to be able to use our services. If you are not an adult – you are not allowed to enter into. Under no circumstances such agreements shall be concluded by persons who are not at least 16 years old. We do not collect or process personal data of children, including, in particular, personal data of persons under 16 years of age.
Information about the cookies we use on our website:
(a) AspNetCore.Antiforgery – a temporary cookie file used to verify correctness of sent HTML forms in order to protect against breaking into the website service with a use of machine methods;
(b) ARRAffinity – a cookie file used by a server to connect user sessions with a specific server instance. It aims to evict a situation in which a user is automatically redirected to a server instance to which has no authorization;
(c) Anyvision.Session – user session information cookie file, allowing to identify a user during a session;
(d) Token – JWT token, used to authenticate a user after a login. Together with a session cookie allows to identify a user in the system.
WHO IS BOUND BY THIS DATA PROTECTION POLICY
We strive to familiarize all our staff with this policy, in particular those who have access to any personal data. Our employees and fellows are obliged to observe rules and principles which we apply in order to protect your data and we are committed to process your data with full respect of the law and in accordance with the main principles of our Policy indicated above. Only selected employees of Your Extended Team have access to your data.
We follow these principles, you use them.
TRANSFER OF DATA TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
Your Extended Team is the company incorporated under the Poland law system. The data you provide to us shall be processed primarily in Poland. Your Extended Team may also have affiliates in various countries around the World. In this case, your data shall also be processed in the country in which we have affiliates. For its correct or enhanced operation, we can take advantage of various possibilities offered by technology and IT infrastructure, which may involve the temporary transfer of your data to servers, end devices, etc. located in other countries. No matter where your data is processed, we are striving to provide equal level of data security everywhere. In particular, we select our contractors – providers of infrastructure and IT services – choosing only those who can guarantee the high level of protection of your privacy.
SECURITY OF YOUR DATA AND DATA RETENTION
We use appropriate to the level of risk (which may involve processing of your data) technological, organizational and physical safeguards. Depending on the circumstances, we may use different types of security: IT security, encryption, pseudoanonymization, physical security or well-organized internal principles of processing of personal data only by concretely authorized persons. We protect your data in particular against accidental loss, modification or unauthorized disclosure to third parties. We protect your data best as we can.
We store and process your data for as long as it is necessary for the purposes for which we do it. We might be obliged by law to keep data for a specific minimum period – we comply with such requirements. In principle, we process your data as long as it is necessary to provide and settle our services.
PERSONAL DATA BREACH
In the case where there would be a breach of the personal data protection of a person from the European Union, we would inform this person if this breach may actually have a serious impact on his/her rights, freedoms as well as privacy. In principle, legal provisions require us to inform two entities in the event of the breach of personal data protection: the appropriate supervisory authority and the personal data subject. At the same time, if the privacy of such a person and its other rights are not at risk (the law directly indicates the following cases: the controller implemented appropriate technical and organizational protection measures and these measures have been applied to the personal data the breach relates to, in particular measures such as encryption, preventing from reading by persons without authorized access to these personal data; the controller applied measures to eliminate the probability of the high risk of violation of the rights or freedoms of the data subject) there is no need to worry and in accordance with provisions of law we do not have to inform this person separately.
If a notification of the breach of data protection which concerns person from the European Union would involve a disproportionate effort, a public communication is issued or a similar measure whereby the data subjects are informed about the breach in an equally effective manner.
LINKS TO OTHER SITES
This Policy is effective as of 1 June 2020 and will remain in effect in its current wording until we amend or change it in any manner. In case of any changes – we will let you know about, either by email message or by posting the new Policy on our website, as reasonably practicable. We reserve the right to update or change our Policy at any time. If you continue to use our services after any change of Policy, it means that you agree with such changes.
STANDARD FORM ENABLING YOU TO EXERCISE YOUR RIGHTS
Please find below the useful form that you can apply in contacts with us in order to exercise your rights related to the processing of personal data by us. You do not have to use it, but it would facilitate to process of handling and resolving your matter in a reliable and quick way. It is primarily designed for persons from the European Union. You can send them to the collector’s contact details provided above.
INFORMATION FOR PERSONS FROM THE EUROPEAN UNION WITHIN THE MEANING OF THE YOUR EXTENDED TEAM DATA PROTECTION POLICY
Information shall be provided in writing or otherwise, including, where appropriate, electronically. In case of explicit request of the data subject, the information shall be given orally, provided that the identity of the data subject is confirmed by other means. The controller shall refuse to request if the identification of the data subject is not possible. The controller without undue delay – and in any case within one month from receipt of the request – provides the data subject with the information on actions taken in conjunction with the request. If necessary, this period may be extended by another two months due to the complex nature of the request or the number of requests. Within one month from the receipt of the request, the controller shall inform the data subject about such extension, stating the reasons for the delay. If the data subject has forwarded his request electronically, if possible, the information is also transmitted electronically, unless the data subject requests the different form. If the controller fails to take action in relation to the request of the data subject, the controller shall immediately – no later than within one month from the receipt of the request – inform the data subject of the reasons for failure to take action and the possibility of lodging a complaint to the supervisory authority and to exercise available legal remedies before the court. Information provided by the controller as well as communication and actions taken in conjunction with handling requests are free of charge. If the data subjects’ requests are manifestly unjustified or excessive, in particular, because of their continuing nature, the controller shall charge a reasonable fee, including administrative costs of providing information, communication or undertaking specific actions, or refusing to take actions in relation to the request. If the controller has reasonable doubts regarding the identity of the natural person submitting the request, the additional information necessary to confirm the identity of the data subject shall be requested.