Privacy Policy

 

GENERAL PROVISIONS

This privacy policy of the Website is informative only, which means that it is not a source of obligations for the Website users. The privacy policy contains primarily rules for the processing of personal data on the Website by the Controller, including the grounds, purposes and period of the personal data processing and the rights of data subjects, as well as information on cookies and analytical tools used on the Website.

The Controller of personal data collected through the Website is the company COUNTME SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ entered into the register of the National Court Register Registration court: District Court for Wrocław Fabryczna, VI Commercial Division of the National Court Register, location: ul. Podwale 82-84/622, 50-414 Wrocław and the address for service: ul. Akacjowa 4n lok. 2.17, 55-040 Ślęza, KRS 0000750346, NIP 8992851201, REGON 381390129, share capital: PLN 67,000.00, e-mail address: contact@less.today, telephone number 48 737-195-555 – hereinafter referred to as "Controller", which at the same time is the Website Owner.

Personal data on the Website is processed by the Controller in accordance with the applicable law, in particular in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (general regulation on data protection) – hereinafter referred to as "GDPR" or the "GDPR Regulation". The official text of the GDPR Regulation can be found at: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.

The use of the Website and the provision of the personal data by the Website user is voluntary, subject to two exceptions: (1) entering into agreements with the Controller: failure to provide the personal data in cases and in the scope required to conclude and execute the Sales Agreement or contract for the provision of electronic services with the Controller results in the inability to conclude the agreement. Providing personal data is in this case constitutes a contractual requirement and if the data subject wants to conclude a given agreement with the Controller, they are obliged to provide the required data. The scope of data required to conclude the agreement is each time indicated by the Controller; (2) statutory obligations of the Controller: providing personal data is a statutory requirement resulting from the generally applicable legal provisions imposing an obligation on the Controller to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and the failure to provide the data will prevent the Controller from performing these obligations.

The Controller takes special care to protect the interests of persons whose personal data they process, and in particular the Controller is responsible and ensures that the data collected by the Controller is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and is not subject to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that permits the identification of data subjects, not longer than it is necessary to achieve the purpose of processing; and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedom of natural persons with different likelihood and seriousness of risk, the Controller implements appropriate technical and organizational measures in order to process data in accordance with this regulation and to enable proving it. These measures shall be reviewed and updated where necessary. The Controller uses technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons.

All words, phrases and acronyms contained in this Privacy Policy which start with a capital letter (e.g. Website) should be understood in accordance with their meaning resulting from this document.

GROUNDS FOR DATA PROCESSING

The Controller is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the execution of an agreement to which the data subject is a party or for taking actions at the request of the data subject prior to the conclusion of the agreement; (3) processing is necessary for the Controller to fulfill their legal obligation; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party, except when the interests or fundamental rights and freedom of the data subject, requiring the protection of personal data, prevail over those interests, in particular when the data subject is a child.

The processing of personal data by the Controller each time requires the occurrence of at least one of the grounds indicated above. Specific grounds for processing personal data of Website users are indicated by the Controller in the next section of privacy policy – in relation to a specific purpose of processing of personal data by the Controller.

PURPOSE, GROUNDS AND DURATION OF DATA PROCESSING ON THE WEBSITE

Each time the purpose, grounds, the period and the recipients of personal data processed by the Controller result from actions taken by Website user.

The Controller may process personal data on the Website for the following purposes, on the following grounds, during the following periods and in the following scope:

The purpose of data processing: Execution of the agreement for the provision of electronic services or taking action at the request of the data subject prior to concluding the abovementioned agreement

Legal grounds for data processing: Article 6 paragraph 1b) of the GDPR Regulation (execution of the agreement) – processing is necessary for the execution of the agreement to which the data subject is a party, or for taking actions at the request of the data subject, before concluding the agreement

The period of data storage: Data is stored for the time necessary for execution, termination or expiration of the concluded agreement for the provision of electronic services.

The purpose of data processing: Direct marketing

Legal grounds for data processing: Article 6 paragraph 1f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from the legitimate interests of the Controller – consisting in caring for the interests and good image of the Controller, Website and the intention of selling products

The period of data storage: The data is stored for the duration of the legitimate interest pursued by the Controller, but not longer than during the period of limitation of the Controller’s claims in relation to the data subject, on account of business activity conducted by the Controller. The limitation period is defined by the law, in particular the Civil Code (the basic period of limitation for claims related to conducting business is three years, and for a sales agreement – two years).

The Controller cannot process data for direct marketing purposes in case the data subject clearly and effectively opposes to it.

The purpose of data processing: Marketing

Legal grounds for data processing: Article 6 paragraph 1a) of the GDPR Regulation (consent) – the data subject has consented to the processing of their personal data for marketing purposes by the Controller

The period of data storage: The data is stored until the data subject withdraws the consent for further processing of their data for this purpose.

The purpose of data processing: Book-keeping

Legal grounds for data processing: Article 6 paragraph 1c) of the GDPR Regulation in connection with the art. 74 par. 2 of the Accounting Act, i.e. dated 30 January 2018 (Journal of Laws of 2018, item 395) – the processing is necessary to fulfill the legal obligation of the Controller

The period of data storage: The data is stored for the period required by law, obligating the Controller to store accounting books (5 years, counting from the beginning of the year following the financial year to which the data pertain).

The purpose of data processing: Establishment, redress or defense of claims that may be filed by the Controller or that may be filed against the Controller

Legal grounds for data processing: Article 6 paragraph 1f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for purposes arising from legitimate interests of the Controller – that consist in establishment, redress or defense of claims which may be filed by the Controller or which may be filed against the Controller

The period of data storage: The data is stored for the duration of the legitimate interest pursued by the Controller, but not longer than for the period of limitation of claims which may be filed by the Controller (the basic limitation period for claims against the Controller is six years).

The purpose of data processing: The use of the Website and ensuring its proper operation

Legal grounds for data processing: Article 6 paragraph 1f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes arising from legitimate interests of the Controller, which consist in running and maintaining the Website

The period of data storage: The data is stored for the duration of the legitimate interest pursued by the Controller, but not longer than for the period of limitation of the Controller’s claims pertaining to the data subject, on account of business activity conducted by the Controller. The limitation period is defined by the law, in particular by the Civil Code (the basic period of limitation for claims related to conducting business activity is three years, and for a sales agreement – two years).

The purpose of data processing: Keeping statistics and analysis of traffic on the Website

Legal grounds for data processing: Article 6 paragraph 1f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes arising from legitimate interests of the Controller, which consist in keeping statistics and analyzing traffic on the Website in order to improve the functioning of the Website and increasing interest in the Controller’s products

The period of data storage: The data is stored for the duration of the legitimate interest pursued by the Controller, but not longer than for the period of limitation of the Controller’s claims in relation to the data subject, on account of the business activity conducted by the Controller. The limitation period is defined by the law, in particular by the Civil Code (the basic period of limitation for claims related to conducting the business activity is three years, and for a sales agreement – two years).

DATA RECIPIENTS ON THE WEBSITE

For the proper functioning of the Website, the Controller must use the services provided by external entities (such as e.g. software provider). The Controller uses only services of such processors who provide sufficient guarantees in terms of implementing appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.

The transfer of data by the Controller does not occur in each case and not to all recipients or categories of recipients indicated in the privacy policy – the Controller transfers data only when it is necessary for the purpose of processing personal data and only to the extent necessary to achieve it.

Personal data of the Website users may be transferred to the following recipients or categories of recipients:

a) service providers supplying the Controller with technical, IT and organizational solutions enabling the Controller to run a business (in particular an email provider and supplier of software for company management and technical assistance to the Controller) – The Controller makes the collected personal data available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

b) providers of accounting, legal and advisory services providing the Controller with accounting, legal or advisory support (in particular accounting offices, law firms or debt collection agencies) – The Controller provides the collected personal data to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given the purpose of data processing in accordance with this privacy policy.

PROFILING ON THE WEBSITE

The GDPR Regulation imposes on the Controller an obligation to inform about automated decision-making, including profiling, referred to in art. 22 par. 1 and 4 of the GDPR  Regulation, and – at least in these cases – relevant information about the rules for making decisions, as well as the significance and envisaged consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this section of the privacy policy.

The Controller may use  profiling on the Website for direct marketing purposes, but the decisions made on its basis by the Controller do not relate to the conclusion or refusal to conclude e.g. the sales agreement or the possibility of using electronic services on the Website. The result of the use of profiling on the Website may be e.g. granting a discount, sending a discount code, sending a proposal of the service or product, which may be compliant with the interest or preferences of an individual or proposing better conditions compared to the standard offer on the Website. Despite profiling, a given person makes a free decision whether they want to use the discount or better conditions received in this way and enter into an agreement with the Controller.

Profiling on the Website consists in automatic analyzing or forecasting the behavior of a given person on the Website, e.g. through the sites of the Controller’s specific service. The prerequisite for such profiling is the Controller’s possession of personal data of a given person in order to be able to send them e.g. a discount code.

The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects in relation to this person similarly affects this person.

THE RIGHTS OF DATA SUBJECTS

Right of access, rectification, restriction, deletion or transfer – the data subject has the right to request the access to their personal data, rectify, delete them ("the right to be forgotten") or limit their processing and has the right to object to processing and the right to transfer their data. Detailed conditions for the exercise of the abovementioned rights are indicated in art. 15–21 of the GDPR Regulation.

The right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of their consent (pursuant to art. 6 paragraph 1a) or art. 9 par. 2a) of the GDPR Regulation) has the right to withdraw their consent at any time without affecting the lawfulness of the processing, which was made on the basis of consent before its withdrawal.

The right to lodge a complaint to the supervisory body – a person whose data is processed by the Controller has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Office for Personal Data Protection.

Right to object – the data subject has the right to object at any time – for reasons related to their special situation – to the processing of their personal data based on art. 6 par. 1e) (task in public interest) or f) (legitimate interest of the Controller), including profiling, on the basis of these provisions. In such a case, the Controller may no longer process such personal data unless the Controller proves that there are valid legal grounds for processing that override the interests, rights and freedoms of the data subject or the grounds for establishment, redress or defense of claims.

Right to object related to direct marketing – if personal data are processed for direct marketing purposes, the data subject has the right to object to the processing of their personal data for such marketing purposes at any time, including profiling, to the extent that the processing is related to such direct marketing.

In order to exercise the rights referred to in this section of the privacy policy, you can contact the Controller by sending a relevant message in writing or by e-mail to the Controller’s address indicated in the beginning of the privacy policy or by using the contact form available on the Website.

INFORMATION CLAUSE ON THE WEBSITE

Who are we?

The controller of your personal data is CountMe Spółka z ograniczoną odpowiedzialnością, with the registered office at ul. Podwale 82-84 / 622, 50-414 Wrocław, e-mail: rodo@less.today

Why and on what basis do we process your personal data?

a. in order to execute the agreement concluded with you, for example an agreement for the provision of electronic services (Article 6 paragraph 1b of the GDPR),

b. in order to fulfil tasks and duties imposed on the Controller by law,

c. also for our legitimate interest (Article 6 point 1f of the GDPR), consisting in the possible establishment, exercise or defence of claims,

d. implementation of activities to which consent has been given (Article 6 point 1a of GDPR.

How long do we keep your personal data?

Your data will be kept for the period necessary to fulfil the legal obligation of the Controller and to exercise and defence of claims by the Controller and in the event of granting consent, until it is withdrawn.

Who do we share your personal data with?

Your personal data may be transferred to the following categories of recipients, depending on the method of executing the agreement selected by you or other processing operation:

a. entities handling electronic or credit card payments

b. service providers supplying the Controller with technical, IT and organizational solutions enabling the Controller to conduct business activities, including the Online Store and Services provided through it

c. providers of accounting, legal and advisory services rendering accounting, legal or advisory services to the Controller (in particular an accounting office, a law firm or a debt collection company)

Do you need to provide us with your data?

Providing personal data is a statutory requirement or a condition necessary to conclude an agreement, therefore failure to provide data to the extent required by the Controller may result in the inability to conclude an agreement or perform tasks resulting from legal provisions. However, you have full voluntariness in providing us with your personal data.

What rights do you have in relation to the processing of data?

a. Access to data;

b. request to immediately rectify your data that is incorrect and supplementing it if it is incomplete,

c. request to remove your personal data,

d. request to limit processing in certain cases,

e. the Controller must notify each recipient to whom your data has been disclosed about changes made by you in your personal data (rectification, deletion, limitation);

f. object to data processing,

g. request to transfer data.

You also have the right to lodge a complaint to the President of the Office for Personal Data Protection

If you have concerns about the manner or form in which we process your personal data, please write to us at the address: rodo@less.today and describe your case.

You can also contact the President of the Office for Personal Data Protection via the website at:

Prezes Urzędu Ochrony Danych Osobowych

ul. Stawki 2

00-193 Warsaw

Information clause – for job applicants

This information is about how we process your data you provide to us in your CV.

We are the controller of your personal data and in accordance with the law, we are obliged to provide you with information about why and how we use your data as well as about your rights.

By sending your job application to CountMe Spółka z ograniczoną odpowiedzialnością, you agree to the processing of your personal data by CountMe Spółka z ograniczoną odpowiedzialnością in order to carry out the recruitment process for the position indicated in the advertisement.

Who are we?

We are CountMe Spółka z ograniczoną odpowiedzialnością, with the registered office at ul. Podwale 82-84 / 622, 50-414 Wrocław

You can contact us on matters relating to personal data by e-mail: rodo@less.today or write to us using the address indicated above marked "personal data protection".

1. We process your data for the purpose and on the basis of the regulations:

• the data that you provide to us that is indicated in the Labour Code is processed by CountMe Spółka z ograniczoną odpowiedzialnością in accordance with article 6, paragraph 1c of the GDPR. It refers to the data processing in order to meet legal requirements. The provision of this data is necessary to take part in the recruitment process,

• we process the data which you provide to us and which go beyond the scope indicated in the Labour Code, (e.g. photo) based on your voluntary consent, which you express by sending your recruitment application to CountMe Spółka z ograniczoną odpowiedzialnością in accordance with article 6, paragraph 1a of the GDPR. Their provision does not affect the possibility of participating in the recruitment process,

• our legitimate interest (article 6, paragraph 1f of the GDPR), consisting in the establishment, exercise, enforcement and defence of claims in proceedings before courts and other state authorities, if the claims relate to our recruitment process.

If you do not want us to process additional data, do not include it in your documents.

2. Your data is kept for:

a. 3 months from the end of the recruitment process for a particular position in case of current recruitment,

b. until the withdrawal of your consent (before 3 months) in the case of data going beyond those indicated in the Labour Code,

c. until the fulfilment of your request to remove your personal data (within 3 months).

3. Your data is not shared outside of CountMe Spółka z ograniczoną odpowiedzialnością

4. What rights do you have?

In connection with the processing of your personal data, you have the right to:

The right to withdraw consent

Your consent to the processing of data is voluntary. Any consent can be withdrawn at any time in writing or by electronic means. This does not affect the lawfulness of processing that took place on the basis of consent prior to its withdrawal.

The right to access data

You can request:

- CountMe Spółka z ograniczoną odpowiedzialnością to provide you with the information about whether it processes your data,

and if it does process it, you can ask:

- for access to this data,

- to be provided once again with information about the processing that you are reading right now.

The right of rectification

If you find that your personal information which CountMe Spółka z ograniczoną odpowiedzialnością processes is incorrect or incomplete, you have the right to demand from CountMe Spółka z ograniczoną odpowiedzialnością to immediately correct it.

The right to delete data

You have the right to request CountMe Spółka z ograniczoną odpowiedzialnością to cease to process your data and remove it (subject to refusal to remove it in the event of the Controller’s legal obligation).

The right to limit processing

If you think that:

- the data processed by CountMe Spółka z ograniczoną odpowiedzialnością is incorrect,

- CountMe Spółka z ograniczoną odpowiedzialnością processes your data unlawfully, but you do not want us to remove it,

- the data processed by CountMe Spółka z ograniczoną odpowiedzialnością is needed for the establishment, exercise or defence of claims and you do not want CountMe Spółka z ograniczoną odpowiedzialnością to remove it, although CountMe Spółka z ograniczoną odpowiedzialnością no longer needs it,

You have the right to ask CountMe Spółka z ograniczoną odpowiedzialnością to limit the processing of your data. If CountMe Spółka z ograniczoną odpowiedzialnością fulfils such request, your data will be kept and processed only for the purpose of the establishment, exercise or defence of claims, or to protect the rights of another natural or legal person or for important public interest.

We will limit the processing of your data also when you object to the processing due to reasons related to your particular situation. The period of this limitation will last depending on whether the interest of CountMe Spółka z ograniczoną odpowiedzialnością is superior to the reasons for your opposition.

The right to notify recipients

If your data is corrected, deleted or CountMe Spółka z ograniczoną odpowiedzialnością limits their processing, CountMe Spółka z ograniczoną odpowiedzialnością will inform recipients of this data about it, unless it will be impossible or will require an unreasonable effort.

If you request it, CountMe Spółka z ograniczoną odpowiedzialnością will inform you about these recipients.

The right to transfer data

If your data is processed on the basis of consent or contract in an automated manner, then CountMe Spółka z ograniczoną odpowiedzialnością will fulfil your request to transfer your data. The data will be provided to you in a commonly used format that will allow it to be transferred to another controller without undue difficulty.

If you request it, CountMe Spółka z ograniczoną odpowiedzialnością will send the data directly to the new Controller.

The transfer of data does not automatically lead to deleting your data at CountMe Spółka z ograniczoną odpowiedzialnością.

The right to object

You have the right to object to the processing of data for reasons related to your particular situation.

5. You also have the right to report any concerns regarding the processing of your data by us to CountMe Spółka z ograniczoną odpowiedzialnością or to lodge a complaint to the President of the Office for Personal Data Protection (2 Stawki Street, 00-193 Warsaw).