Login
testosaur-logo

Privacy policy

§1. Personal Data Controller

1. The controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), is Michał Czermański, conducting business activity under the name MICHAŁ CZERMAŃSKI, with its registered office at ul. Tadeusza Rechniewskiego 13, unit 46, 03-980 Warsaw, NIP: 7712666934, REGON: 101402128.

2. The data controller’s email address: rodo@testosaur.com.

3. Pursuant to Article 32(1) of the GDPR, the controller complies with the principles of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data processed in connection with the conducted business activity.

4. Providing personal data is voluntary, but may be necessary in order to establish cooperation and/or conclude a contract with the data controller.

5. The controller processes personal data only to the extent necessary for the proper provision of services or for taking actions at the request of the data subject.

§2. Purpose and legal basis for processing personal data

The controller processes personal data for the following purposes:

  • preparation of an offer in response to the client’s interest, which constitutes the controller’s legitimate interest (Article 6(1)(f) GDPR);
  • provision of services by electronic means via websites, based on a concluded contract (Article 6(1)(b) GDPR);
  • handling the complaint process, based on the controller’s legal obligation arising from applicable legal provisions (Article 6(1)(c) GDPR);
  • accounting purposes related to issuing and receiving settlement documents, based on tax law provisions (Article 6(1)(c) GDPR);
  • archiving data for the possible establishment, assertion, or defense of claims or the need to demonstrate facts, which constitutes the controller’s legitimate interest (Article 6(1)(f) GDPR);
  • telephone or email contact, in particular in response to inquiries addressed to the controller, which constitutes the controller’s legitimate interest (Article 6(1)(f) GDPR);
  • sending technical information regarding the functioning of websites and services used by the client, which constitutes the controller’s legitimate interest (Article 6(1)(f) GDPR).

§3. Data recipients. Transfer of data to third countries

1. Recipients of personal data processed by the controller may be entities cooperating with the controller, where this is necessary for the performance of a contract concluded with the data subject.

2. Recipients of personal data processed by the controller may also include subcontractors—entities whose services are used by the controller when processing data, e.g. accounting offices, law firms, and IT service providers (including hosting services).

3. The controller may be obliged to disclose personal data on the basis of applicable legal provisions, in particular to disclose personal data to authorized authorities or state institutions.

4. Personal data, in connection with the controller’s use of tools for analyzing and tracking website traffic, may be transferred to an entity based outside the European Economic Area, e.g. Google LLC. As an appropriate safeguard, the controller has agreed to standard contractual clauses pursuant to Article 46 GDPR with the providers of these services. More information on this subject is available here: https://ec.europa.eu/info/law/law-topic/data-protection/datatransfers-outside-eu_en.

§4. Personal data retention period

1. Data is stored for the duration of the controller’s legitimate interest, but no longer than the limitation period for claims against the data subject arising from the controller’s business activity.

2. The controller stores personal data contained in settlement documents (e.g. invoices) for the period specified in the provisions of the VAT Act and the Accounting Act.

3. The controller stores personal data for purposes other than those indicated in points 1–3 for a period of one year, unless consent for data processing was withdrawn earlier and the processing cannot be continued on a legal basis other than the data subject’s consent.

§5. Rights of the data subject

1. Every data subject has the right to:

a) access – to obtain confirmation from the controller as to whether personal data concerning them is being processed, and, if so, to obtain access to such data and the following information: the purposes of processing, categories of personal data, information about recipients or categories of recipients to whom the data has been or will be disclosed, the data retention period or the criteria for determining it, the right to request rectification, erasure, or restriction of processing of personal data, and the right to object to such processing (Article 15 GDPR);

b) to receive a copy of the data – to obtain a copy of the data being processed, with the first copy provided free of charge, and for subsequent copies the controller may charge a reasonable fee based on administrative costs (Article 15(3) GDPR);

c) rectification – to request correction of inaccurate personal data or completion of incomplete data (Article 16 GDPR);

d) erasure – to request deletion of personal data if the controller no longer has a legal basis for processing or the data is no longer necessary for processing purposes (Article 17 GDPR);

e) restriction of processing – to request restriction of processing (Article 18 GDPR), where: - the data subject contests the accuracy of the data, for a period enabling the controller to verify its accuracy, - the processing is unlawful and the data subject opposes erasure and requests restriction instead, - the controller no longer needs the data but it is required by the data subject for the establishment, exercise, or defense of claims, - the data subject has objected to processing pending verification of whether the controller’s legitimate grounds override those of the data subject;

f) data portability – to receive personal data in a structured, commonly used, and machine-readable format and to request transfer of this data to another controller, where processing is based on consent or contract and carried out by automated means (Article 20 GDPR);

g) objection – to object to processing of personal data carried out for the controller’s legitimate interests, due to reasons related to the data subject’s particular situation, including profiling. In such a case, the controller assesses whether there are compelling legitimate grounds overriding the interests, rights, and freedoms of the data subject, or grounds for establishing, exercising, or defending claims. If the data subject’s interests prevail, the controller shall cease processing for such purposes (Article 21 GDPR).

2. To exercise the above rights, the data subject should contact the controller using the provided contact details and indicate which right and to what extent they wish to exercise.

3. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.

§6. Automated decision-making. Profiling

1. Personal data obtained by the controller may be processed in an automated manner, including profiling. Profiling consists of evaluating selected information about the data subject for the purpose of analyzing or predicting personal preferences and interests, particularly for the purpose of providing personalized offers.

2. Automated data processing carried out by the controller does not produce legal effects for the data subject. The data subject may object at any time to automated processing of their data.

§7. Google Analytics

1. The controller uses Google Analytics, a web analytics service provided by Google Inc., based in the USA.

2. Google Analytics uses cookies that enable analysis of website usage. Information generated by cookies about website usage is transmitted to and stored on Google servers. On behalf of the controller, Google will use this information to analyze website usage, prepare reports on website activity, and provide other services related to website and internet usage.

3. Data will not be used to identify any natural person.

4. Users may prevent cookie storage by adjusting browser settings; however, this may result in limited website functionality. Users may also prevent Google from collecting and processing data generated by cookies (including IP address) by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=pl.

5. Users may object at any time to the collection and processing of data related to website usage by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en.