I. ABOUT US
HeatQ Technology Sp. z o.o. with headquarters in 80-017 Gdańsk, ul. Trakt Św. Wojciecha 223/225, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register, under KRS number: 0000699123, NIP: 5833268344. Personal data is obtained and processed in a manner and on the terms specified in this Policy.
At HeatQ Technology Sp. z o.o. we attach particular importance to the protection of the privacy of our clients, contractors, employees and associates. One of its key aspects is the protection of the rights and freedoms of natural persons in relation to the processing of their personal data.
We make sure that your data is processed in accordance with the provisions of the General Data Protection Regulation 2016/679 / EC (hereinafter: “GDPR”), the Act on the protection of personal data, as well as specific regulations (included, inter alia, in labor law or the Accounting Act).
HeatQ Technology Sp. z o.o. is the administrator of personal data within the meaning of art. 4 point 7 of the GDPR, we also use the services of processing entities referred to in art. 4 pts 8 GDPR – they process personal data on behalf of the administrator (these are e.g. accounting, IT, security companies).
HeatQ Technology Sp. z o.o. implements appropriate technical and organizational measures to ensure a level of security corresponding to the possible risk of violating the rights or freedoms of natural persons with different probability and severity of the threat. Our activities in the field of personal data protection are based on adopted policies and procedures as well as regular training courses to increase the knowledge and competences of our employees and associates.
III. WHAT DO WE USE YOUR PERSONAL DATA FOR
As an employer, we process the data of employees and people who cooperate with us on a basis other than an employment relationship. Contact details obtained from contractors (e.g. their employees) are used to conclude and efficiently perform contracts. We use the data of our clients to perform the contract and provide our services. We also conduct marketing activities and as part of it we try to reach the widest possible group of interested parties in order to provide them with up-to-date information about our products and services.
We provide third parties with your data with your consent or when we are required to do so under the law.
IV. ON WHAT TERMS AND ON WHAT BASIS DO WE PROCESS YOUR DATA
We make every effort to protect the interests of data subjects, and in particular we ensure that the data is:
- processed in accordance with the law, fairly and in a transparent manner for the data subject;
- collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with these purposes;
- adequate, relevant and limited to what is necessary to achieve the purposes for which they are processed;
- correct and updated as necessary. We take steps to ensure that personal data that is incorrect in the light of the purposes of their processing are immediately removed or corrected;
- stored in a form that permits identification of the data subject for no longer than is necessary to achieve the purposes of processing;
- processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss or destruction.
We usually process your data on the basis of consent, which may be withdrawn at any time. Another case is when the processing of your data is necessary to perform the contract to which you are a party or to take action at your request, even before concluding the contract.
In some situations, processing is necessary to fulfill the legal obligation incumbent on us as the controller. Such obligations result, for example, from the provisions of the labor law or the Accounting Act.
V. WHAT RIGHTS DO YOU HAVE
We take appropriate measures to provide you with all relevant information in a concise, transparent, understandable and easily accessible form and conduct all communication with you regarding the processing of personal data in connection with the exercise of your right to:
- information provided when collecting personal data;
- information provided upon request – whether the data is processed, and other issues specified in art. 15 GDPR, including the
- right to copy data;
- rectification of data;
- being forgotten;
- processing restrictions;
- data portability;
- not being subject to decisions based solely on automated processing (including profiling);
- information about a data breach.
In addition, if your personal data is processed on the basis of consent, you have the right to withdraw it. The consent may be withdrawn at any time, which does not affect the legality of the processing carried out prior to its withdrawal.
In order to contact us regarding the implementation of a given right, please contact us via:
Correspondence address: Trakt Św. Wojciecha 223/225, 80-017 Gdańsk
The security of your data is our priority, however, if you decide that by processing your personal data we violate the provisions of the GDPR, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
VI. HOW WE WILL CONTACT YOU
We provide information in writing or otherwise, including, where appropriate, electronically. If you so request, we may provide the information orally, as long as we confirm your identity by other means. If you submit your request electronically, the information will also be provided electronically, if possible, unless you provide us with another preferred form of communication.
VII. WHEN WILL WE FULFILL YOUR REQUEST
We try to provide information immediately – as a rule, within one month of receiving the request.
If necessary, this period may be extended by another two months due to the complexity of the request. However, in any case, within one month of receiving the request, we will inform you of the action taken and (if applicable) of the extension of the deadline, stating the reason for such delay.
VIII. SUBCONTRACTORS / PROCESSORS
If we cooperate with entities that process personal data on our behalf, we only use the services of such processors that provide sufficient guarantees to implement appropriate technical and organizational measures so that data processing meets the requirements of the GDPR and protects the rights of data subjects.
We check in detail the entities to which we entrust the processing of your data. We enter into detailed contracts with them, and we periodically inspect the compliance of processing operations with the content of such contracts and the law.
The recipients of your personal data may be:
- entities and bodies authorized to process personal data on the basis of legal provisions, banks if it is necessary to conduct settlements,
- institutions providing funding for the performance of the contract concluded with the Administrator,
- entities cooperating as part of marketing campaigns,
- company providing accounting services,
- a company providing IT services,
- companies providing courier / transport services,
- a company providing debt collection services,
- transaction insurers,
- the owner of the Facebook social network under the non-changeable data rules specified by Facebook available at https://www.facebook.com/about/privacy.
IX. HOW WE CARE FOR THE PROCESSING OF YOUR DATA
To meet legal requirements, we have developed detailed procedures covering such issues as:
- data protection by design and data protection by default;
- data protection impact assessment;
- notification of violations;
- keeping a register of data processing activities;
- data retention;
- exercising the rights of data subjects;
We regularly check and update our documentation in order to be able to demonstrate compliance with the legal requirements in accordance with the principle of accountability set out in the GDPR, but also in the interests of the data subjects, we try to incorporate the best market practices into it.
X. DATA RETENTION
We store personal data in a form that permits the identification of the data subject for no longer than it is necessary for the purposes for which the data is processed. After this period, the data is anonymized (we deprive any features that make it possible to identify the person) or we delete it. In the retention procedure, we ensure that the period of personal data storage is limited to the strict minimum.
The data processing period is determined in the first place on the basis of legal provisions (e.g. the storage time of employee documentation, accounting documents), as well as the legitimate interest of the administrator (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.
We ensure that every person acting under our authorization and having access to your personal data processes it only at our request, unless other requirements result from EU law or the law of a Member State.
The policy of using cookies by the website.
- Cookies are IT data, in particular text files, which are stored on the Website User’s end device and are intended for use with the Website’s pages. Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number.
- The entity that places cookies on the Website User’s end device and accesses them is the website owner.
- The cookie mechanism is not used to obtain any information about website users or to track their navigation. Cookies used on the website do not store any personal data or other information collected from users and are used for statistical purposes.
- Cookies are used for the purpose adjusting the content of the Website pages to the User’s preferences and optimizing the use of websites; in particular, these files allow to recognize the device of the Website User and properly display the website, tailored to his individual needs;
- creating statistics that help to understand how Website Users use websites, which allows improving their structure and content;
maintaining the Website User’s session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;
- The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User.
- The following types of cookies are used within the Website:
“Necessary” cookies, enabling the use of services available on the Website, eg authentication cookies used for services that require authentication on the Website;
cookies used to ensure security, e.g. used to detect fraud in the field of authentication on the Website; ◦ “performance” cookies, enabling the collection of information on the use of the website pages;
“Functional” cookies, enabling “remembering” the settings selected by the User and personalization of the User’s interface, eg in terms of the selected language or region from which the User comes, font size, website appearance, etc .;
XIII. LINKS TO OTHER PAGES ON THE WEBSITE
The website owner informs that the website contains links to other websites. The website owner recommends that you read the privacy policies in force there, as he is not responsible for them.
XIV. SECURING USER DATA ON THE WEBSITE
The description of technical and organizational security measures is included in the Security Policy (personal data protection) of the website owner. In particular, the following safeguards are used:
- The data downloaded automatically by the server is secured by the service access authentication mechanism
- Data collected from users during the registration process are secured with the SSL protocol and through the mechanism of authentication of access to the website
- The website administration is accessed using the authentication mechanism