This document is outdated

Privacy Policy

1. Controller: 3E KOLCZYŃSKI, LIŻEWSKI, GĘDZIOROWSKI, ROSTOCKI spółka komandytowa with its registered seat in Warsaw (01-646), 32 Jelinka Street, entered into the register of entrepreneurs of the National Court Register under the KRS number 0000944999, registry files of which are kept by the District Court for the capital city of Warsaw in Warsaw, 20th Commercial Division of the National Court Register, NIP (tax ID no.): PL5213343778, REGON (statistical no.): 14014613, (hereunder: the “Controller”).

2. Contact details for Data-related issues: All requests and inquiries related to your rights can be directed to the following email address: info@orderingstack.com.

3. Data sources: Your personal data (hereunder: the “Data”) and Data of your contact persons (e.g. your employees, co-workers, agents who get in touch with us) that we collect:

   1. directly from You/your contact persons in scope of conclusion and execution of an agreement on provision of electronic services, incl. agreement on providing an account in OrderingStack or provision of other services in your favour, as well as in relation to those activities, such as name, surname, company name, registered seat, email address, phone number;

   2. indirectly, via cookies or similar technologies, as you or your contact persons leave them when using OrderingStack, i.e. e.g. name, surname, address, email, phone number, type of browser (user-agent), device data, incl. IP number.

4. Purposes and legal grounds of processing

   • Execution of the agreement, incl. logging-in, registration, using Controller’s services, as well as security, incl. above all prevention of cyber attacks

     • Article 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract)
       

   • Statistical measurements

     • Article 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract) or, if such measurements are not necessary for the purpose of agreement performance, Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)
       

   • Own marketing, incl. internet marketing, above all: retargeting, statistics and marketing analytics

     • Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)
       

   • Newsletters

     • Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)
       

   • External marketing (marketing of third parties), above all: retargeting, statistics and marketing analytics.

     • Article 6 point 1 letter a of GDPR (consent of the Data subject)
       

   • Maintaining business relationships and informing current or former clients about new services

     • Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)
       

   • Tax, accounting, anti-fraud and AML-related purposes, as well as other purposes resulting from Controller’s legal obligations

     • Article 6 point 1 letter c of GDPR (processing necessary to fulfill legal obligations of the Controller)
       

5. Retention period: We only process the Data for as long as it is necessary. When the purpose of the Data processing has been fulfilled, the Data will be deleted in accordance with our data retention policy, unless we are legally obliged to keep such Data. Depending on the legal grounds of processing, the Data may be processed for the following periods of time:

   • if the Data are processed based of a ground of necessity to execute the Agreement - during the term of the agreement and no longer than until expiry of claim limitation period related thereto;

   • if the Data are processed based on a ground of a legitimate interest of the Controller - until a successful objection is filed;

   • if the Data are processed for tax, accounting, anti-fraud or AML-related purposes - in the scope and for the period compliant with binding provisions of law;

   • if the Data are processed based on a consent - until withdrawal thereof.

6. Voluntary provision of Data: Providing the Data is voluntary.

7. Recipients: It may happen that we will transfer your Data to other entities. These are always trusted processors, who we entrusted execution of certain activities to in order to deliver You best services. It is also possible that we will transfer Your Data to state authorities, but only if we are obliged to do so - based on Article 6 point 1 letter c of GDPR.

8. Your rights: Depending on the situation, you are granted several rights based on the GDPR. You can withdraw your consent at any time, if we are processing your Data based on your consent. The withdrawal of your consent does not impact lawfulness of Data processing before such withdrawal. Additionally, you can raise an objection at any time, if we are processing your Data based on our legitimate interest. You also have the right to access your Data, including receiving a copy thereof; right of rectification of your Data; right of erasure of your Data; right to restrict processing of your Data; right to Data portability. If you have any complaints related to our processing of your Data, you have a right to file a complaint to the supervising authority - the President of the Personal Data Protection Office (www.uodo.gov.pl).

9. Transfer of Data to third countries (outside the EEA): We do not plan to transfer the Data to third countries (i.e. the countries outside the EEA (European Economic Area). Should it, however, happen, it will be executed in compliance with all requirements resulting from the binding provisions of law. Should the Data be transferred to an entity located in a third country, not ensuring an adequate level of protection, we will apply protection measures such as e.g. standard contractual clauses approved by the European Commission.

10. No automated decision-making: As a part of our marketing and service improvement activities, we analyse the Data in IT systems using various filters and tools. We perform these activities based on our legitimate interest (legal ground: Article 6 point 1 letter f of GDPR), which consists in searching and grouping categories of persons in order to determine which advertising messages may be of interest, as well as to improve our services. We do not make any automatic decisions towards You based on the results of the activities described above.

11. (Information about cookies): In order to ensure proper functioning of your services, we can sometimes place on your computer or mobile device small files containing IT data, so called “cookies”. Cookies are in particular text files, which are stored by the server on the computer or mobile device. The content of a cookie can be retrieved or read only by the server that created the cookie. The text in a cookie often consists of identifiers, site names, as well as some numbers and characters. Cookies are unique to the browsers or mobile applications you use, and enable websites to store various data, such as e.g. your preferences. Like many other Internet service providers, we use cookies to improve user experience (UX). Session cookies are deleted after each visit, while persistent cookies remain in place across multiple visits. Cookies allow websites to remember your settings such as language, font size on your computer or mobile device, or other browser preferences. This means that you do not need to reset preferences every time. Therefore, if cookies are not used, websites will treat you as a new visitor every time you load a web page. For example, if you are redirected to another web page from a website you are already logged into and then return to the original website, it will not recognize you and you will have to log in again. You can manage or delete cookies based on your own preferences. You can clear all the cookies stored on your device, while most of the web browsers provide the option of blocking cookies. However, by doing so, you have to change the user settings every time you visit our website. Find out how to manage cookies settings in your browser or on its dedicated website.

12. (Changes/Updating information) Since any privacy policy as an up-to-date information about Data processing, this Privacy Policy may be updated from time to time to ensure its consistency with actual processing of your Data. Current version of Privacy Policy is always available here and You are advised to consult it regularly.