Optiba Platform Privacy Policy

 

Let's start with some definitions:

PDC – Personal Data Controller, i.e. Aserto Sp. z o.o.

RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)

optiba.com – an online platform owned by Aserto Sp. z o.o. where we provide our services. The web platform is located at the following address: https://optiba.com

cookies - computer data, in particular small text files, saved and stored on the devices through which the user makes use of the optiba.com platform

User – an adult natural person who uses the services offered by Aserto Sp. z o.o

 

Personal Data Controller

A Personal Data Controller is Aserto Sp. z o.o. with its registered office at 7 Jana Wiktora Street, 36-100 Kolbuszowa.

We take care of your data:

We make every effort to ensure the security of your personal information. The Services use encrypted data transmission (SSL) during registration and login, which ensures protection of identifying you data and makes it significantly more difficult for unauthorised systems or individuals to intercept access to your Account.

 

What is personal data:

Personal data is, according to the RODO, any information about an identified or identifiable natural person. If you visit from our website, such data are, for example, your name, email address, IP address, telephone number. Personal data may be stored in cookies or similar technologies (e.g. local storage) installed by us or our Partners on our website and the devices you use when using our services.

 

Basis and purpose of processing:

The processing of personal data obliges you to demonstrate a legal basis. The RODO provides for several types of such legal basis for the processing of data, and in cases involving the use of our services there will, in principle, be three of them:

  1. Necessity of the processing for the conclusion or performance of a contract to which you are a party. A contract is, in our case, the terms and conditions of a particular service. So if we enter into a contract with you for the provision of a particular service (e.g. a service providing you with the opportunity to learn about aserto.co.uk based on the content of the terms and conditions of that website), we may process your data to the extent necessary for the performance of that contract.
  2. Necessity of processing for purposes arising from legitimate interests pursued by the controller or by a third party. This basis for processing applies when the processing is justified by our legitimate needs, which includes, but is not limited to, the obligation to ensure the security of the service, to make statistical measurements, to improve our services and adapt them to the needs and comfort of users (e.g. personalising content in the services) as well as to carry out marketing and promotion of our own services.
  3. Your voluntary consent. It is especially necessary when marketing services are provided to you by third parties (i.e. the Partners referred to below) and when we are the ones providing such services to third parties. In order to be able to show advertisements of interest to you (e.g. of a product you may need), the advertisers and their representatives must be able to process your data. The granting of such consent is non-compulsory, and you do not have to give it if you do not want to. With our solution, you also have the option to narrow the scope or change your consent at any time. Your other rights arising from giving consent are set out below.

Your data, as part of our services, will only be processed where we or another data processor has one of the legal bases permitted by the RODO and only for the purpose tailored to that basis, as described above. Your data will be processed for as long as the basis for processing exists - that is, where consent has been given until it is withdrawn, limited or otherwise restricted on your part, where data is needed for the performance of a contract, for the duration of the performance of the contract, and where the basis for processing is a legitimate interest of the controller, for as long as that legitimate interest exists.

The controller may process personal data for the following purposes, on the grounds, and for the periods indicated in the table below:

 

Purpose of data processing

Legal basis for data processing

Data retention period

Performing the contract or taking action at the request of the data subject prior to entering into the aforementioned contracts.

Article 6(1)(b) of the RODO Regulation (performance of a contract) - processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

The data shall be stored for the period necessary for the performance, termination or otherwise expiry of the contract concluded..

Direct marketing

Article 6(1)(f) of the RODO Regulation (legitimate interest of the Controller) - processing is necessary for the purposes of the Controller's legitimate interests - including looking after the Controller's interests and good image

The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of the Controller's claims against the data subject in respect of the Controller's business activities. The limitation period shall be determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activities is three years). The Controller may not process data for direct marketing purposes in the event of an effective objection in this respect by the data subject.

Marketing

Article 6(1)(a) of the RODO Regulation (consent) - the data subject has consented to the processing of his/her personal data for marketing purposes by the Controller

Data shall be stored until the data subject has withdrawn his or her consent to further processing for this purpose.

Customer’s feedback

Article 6(1)(f) of the RODO Regulation (legitimate interest of the Controller) - the processing is necessary for the purposes of the Controller's legitimate interests - consisting of looking after the interests and good image of the Controller

The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than the period of limitation of the Controller's claims against the data subject in respect of the Controller's business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activities is three years).

Keeping tax books

Article 6(1)(c) of the RODO Regulation in conjunction with Article 86 § 1 of the Tax Ordinance, i.e. of 17 January 2017. (Journal of Laws of 2017, item 201)-processing is necessary for the fulfilment of a legal obligation incumbent on the Controller

The data is retained for the period required by the law requiring the Controller to keep tax books (until the expiry of the statute of limitations on tax liability, unless otherwise provided by the tax laws).

Establishing, pursuing or defending claims which the Controller may raised or which may be raised against the Controller

Article 6(1)(f) of the RODO Regulation (legitimate interest of the Controller) - processing is necessary for the purposes of the Controller's legitimate interests - consisting of establishing, pursuing or defending claims which the Controller may raise or which may be raised against the Controller

Data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than the period of limitation of claims that may be raised against the Controller (the basic limitation period for claims against the Controller is six years).

Using the Controller's services and ensuring that they operate correctly

Article 6(1)(f) of the RODO Regulation (legitimate interest of the Controller) - the processing is necessary for the purposes of the Controller's legitimate interests - consisting in the provision of services

The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of the Controller's claims against the data subject by virtue of the Controller's business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activities is three years).

Keeping statistics and analysing website traffic

Article 6(1)(f) of the RODO Regulation (legitimate interest of the Controller) - processing is necessary for the purposes of the Controller's legitimate interests - consisting of statistics and website traffic analysis.

The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of the Controller's claims against the data subject by virtue of the Controller's business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activities is three years).

 

Data transfer:

Your data will be processed by Aserto Sp. z o.o. and the Partners of Aserto Sp. z o.o. if you give them your consent, but it may also be entrusted to other entities for processing. In any such case, the transfer of data does not give the recipient legal grounds to use the data freely, but only to use them for the purposes expressly indicated by Aserto Sp. z o.o. or its Partner. The transfer of data usually takes place when working with a subcontractor (e.g. a marketing agency) or a service provider (e.g. a data storage provider). In any case, the transfer of data does not release the transferor from responsibility for the processing of the data. Data may also be directed to public authorities if they are authorised to do so by the applicable legislation and make an appropriate request, but never otherwise.

 

How you can contact us:


You have a number of rights in relation to our processing of your personal data. You can exercise each of your rights by contacting us by email at: rodo@aserto.pl

What data we process and why:

In connection with the services we provide via aserto.co.uk, we process your data for various purposes. We may also process it when you access our website. Below we have listed all the cases where we process your data. We have also indicated the scope of this data and the legal basis in accordance with the provisions of the RODO.

We process your data such as name, email, telephone number for the following purposes:

  • recruitment;
  • marketing our own products and services;
  • to send commercial information by electronic means.

In all of the above cases, we can process your data because you have given your consent.

Personal data are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

 

Data collected

Personal data or information means any information relating to a person by which that person can be identified. It does not mean non-identifying data (anonymised data). We may collect, use, store and transfer different types of your personal data, which we categorise as follows:

  1. Identity data- includes name, maiden name, username or similar identifier, marital status, title, date of birth and gender.
  2. Contact details - include home address, delivery address, email address and telephone numbers.
  3. Financial data- includes bank account or payment card details.
  4. Transactional data-Includes details of payments made between us and user or information about products or services purchased from us.
  5. Technical data- includes the user's IP address, login data, browser type and version, time zone and location settings, browser plug-in types and versions, operating system and platform or information about other technologies and devices used by the user to access the website.
  6. Profile data - includes username and password, purchases or orders made by you, your interests, preferences or survey responses.
  7. User’s data- includes information about how the website is used, products or services by the user.
  8. Marketing and communication data - includes user’s preferences for receiving commercial information or communications from us or third parties.

We may also collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from your personal data, but is not considered personal data itself from the point of view of applicable law, as it does not reveal your identity in any way. We may, for example, aggregate Usage Data to calculate the percentage of users who use a specific function on a website. However, if we combine Aggregated Data with Personal Data in a way that directly or indirectly identifies you, we will treat such data as Personal Data, which will be used in accordance with this information on privacy protection. We do not collect any Special Categories of Personal Data about users (e.g. data about your race or ethnicity, religion or belief, life or sexual orientation, political opinions, trade union membership or information about your health and genetic and biometric data). We also do not collect any information about crimes or offences committed. If the user does not provide any personal data. If we are required by applicable law or by the provisions of contracts signed with user to collect his/her personal data and he/she does not provide us with the required personal data, it is possible that we will not be able to fulfil the contract signed or to be signed (e.g. to provide user with products or services). In such cases, we may have to cancel the product or service in question, but the user will be informed accordingly.

 

How we collect user’s personal data:

We use various methods to collect personal data, including:

    1.Direct interaction

User may provide us with his/her identity, contact and financial data by filling in the relevant forms or through postal, telephone, e-mail or other correspondence. This means personal data provided to us during:

•ordering our products or services,

•creating an account on our website,

•subscribe to our services or publications,

•willing to receive commercial information,

•participate in a competition, promotion or survey, or

•giving feedback to us.

  1. Automatic technologies or interactions

We may collect technical data about user’s hardware, browser activity or browsing patterns when users interact with our website. We collect this type of personal data through cookies, server logs or other similar technologies.

  1. Third parties and public data sources

We may collect and receive users’ personal data from various third parties with users’ permission to provide us with users’ data and from publicly available sources.

 

Profiling:

Profiling means the processing of personal data involving the use of your personal data, such as your IP address, to assess some of your characteristics. However, we want to reassure you that we do not make automated decisions in relation to you, and we only carry out profiling for the purpose of tailoring Aserto Sp. z o.o.'s marketing offer and for the purpose of creating personality profiles of the Customer.

 

Who we share your data with and where we share it:

We can only share your data if you have given your consent or with authorised entities if necessary. Furthermore, access to your data will be granted to our employees, for whom it is necessary in order to perform their daily duties, and to subcontractors, i.e. entities we use to process your data: IT companies, accounting companies, marketing agencies and other independent recipients: business partners.

Your data may also be made available to entities authorised to obtain them under applicable law, e.g. law enforcement authorities, the President of the Office for Personal Data Protection, etc. To the extent permitted by applicable law, we may also share your data with debt collection and debt trading institutions.

Our suppliers have their registered offices mainly in Poland, but also in the European Union and worldwide. In connection with the transfer of your data, we have ensured that our suppliers provide guarantees of a high level of personal data protection. These guarantees arise in particular from the obligation to apply the standard contractual clauses adopted by the Commission (EU) or participation in the “Privacy Shield” programme established under Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield.

 

How long we process your data:

We will keep your data such as your name, email address, telephone number that we process for direct marketing of our products until you object to their processing. For this purpose, you should withdraw your consent. Otherwise, we may decide to terminate the processing of this data if we determine that the consents received from you have become obsolete. Data obtained during the recruitment process is only stored for the duration of the recruitment in question.

Depending on the purpose for which we process your personal data, it may be processed by us for the following periods:

  1. performance of contracts - for the period of performance of the contract you have entered into with us or which your employer or an entity with which you work with has entered into with us, and for the period of the statute of limitations for claims under the contract,
  2. Recruitment - until the recruitment for the position you are applying for is complete and, where you have given separate consent for us to process your data for future recruitment, we will keep your data for a period of 2 years from the time it was collected,
  3. to provide answers - for the duration of our ongoing relations (e.g. answering questions, making offers, exchanging correspondence) and after the relations have ended for a period of one year.
  4. keeping statistics - up to the moment you raise an objection, but no longer than for a period of 50 months from your last activity on the website
  5. archiving purposes - for as long as necessary for that purpose,
  6. the establishment, investigation or defence of claims - for the period of time necessary for this purpose,
  7. provision of the newsletter service - until you unsubscribe from the newsletter.

 

What rights you are entitled to:

We want you to know that you are entitled to:

  • Access to your data and to receive a copy of it. You have the right to obtain confirmation from us as to whether we are processing your personal data and, if this is the case, you are entitled to:
    1. get access to your personal data,
    2. be informed about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of that data, the intended period of storage of your data or the criteria for determining that period, your rights under the RODO and your right to lodge a complaint with a supervisory authority, the source of that data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of that data outside the European Union,
    3. obtain a copy of your personal data.
  • do to rectify (correct) your data. You have the right to rectify and complete the personal data you have provided. With regard to other personal data, you have the right to request us to rectify this data (if it is incorrect) and to complete it (if it is incomplete);
  • do delete (right to be forgotten) - if, in your opinion, there is no basis for us to process your data you can request that we delete it. You have the right to request deleting your personal data if:
    1. You have withdrawn specific consent, insofar as personal data was processed on the basis of your consent;
    2. Your personal data is no longer necessary for the purposes for which it was collected or for which it was processed;
    3. you have objected to the use of your data for marketing purposes;
    4. you have objected to the use of your data for aserto.pl usage statistics and satisfaction surveys, and your objection has been found to be justified;
    5. Your personal data is being processed unlawfully.

Despite a request for deletion of personal data, due to the filing of an objection or withdrawal of consent, we may retain certain personal data to the extent necessary for the establishment, investigation or defence of claims. This applies in particular to personal data including: name, e-mail address, telephone number and application history, which we retain for the purposes of investigating complaints and claims relating to the use of our services.

  • restrictions on data processing – - you can request that we restrict the processing of your personal data only to storing it or carrying out activities agreed with you, if in your opinion we have inaccurate data about you or are processing it unfoundedly, or you do not want us to delete it because you need it to establish, pursue or defend your claims, or for the duration of raising objection to data processing. You have the right to request the restriction of the use of your personal data in the following cases:
    1. when you question the accuracy of your personal data, in which case we will restrict the use of your personal data for the time we need to check the accuracy of your data, but for no longer than 5 working days;
    2. when the processing of your data is unlawful and, instead of deletion, you request the restriction of its use;
    3. when your personal data is no longer necessary for the purposes for which we collected or used it, but you need it in order to establish, pursue or defend a claim;
    4. when you have objected to the use of your data, in which case the restriction shall be for the time necessary to consider whether, in view of your particular situation, the protection of your interests, rights and freedoms outweighs the interests we pursue by processing your personal data.
  • do to object to the processing of your data for direct marketing purposes. If you exercise this right - we will stop processing your data for this purpose. If your objection proves to be valid and we have no other legal basis for processing your personal data, we will delete your data against the use of which you have objected;
  • do to data portability – - you have the right to receive from us in a structured, commonly used machine-readable format, such as a CV, the personal data relating to you that you have provided to us on the basis of your consent. You can also have us send this data directly to another party;
  • lodge a complaint with a supervisory authority. You can make complaints, queries and requests to us regarding the processing of your personal data and the exercise of your rights. If you believe that we process your data unlawfully, you can complain about this to the President of the Data Protection Authority or any other supervisory authority.

Please note that you have the right to  withdraw your consent to the processing of your personal data at any time.. The withdrawal of consent has effect from the moment of withdrawal. The withdrawal of consent does not affect the processing we lawfully carried out prior to the withdrawal of consent. The withdrawal of consent does not entail any negative consequences for you. However, it may prevent you from continuing to use services or functionalities that we can only lawfully provide with your consent.

 

How you can demand that we exercise your rights:

To exercise your rights, address your request to the email address biuro@aserto.pl. Please note that before exercising your rights we will need to ensure that you are exactly the person who provided us with all the data, i.e. we will identify you accordingly.

If, in the exercise of the aforementioned rights, you make a request to us, we shall either comply with the request or refuse to comply with it immediately, but no later than one month after receipt. However, if - due to the complexity of the request or the number of requests - we are unable to comply with your request within one month, we shall comply within a further two months by informing you in advance of the intended extension.

For technical reasons, we always need 5 days to update your selected settings on our systems. Therefore, you may receive an email from us during the systems update that you have resigned to receive.

 

Cookies:

Our website uses technology such as cookies, local storage and similar to collect and process personal data and usage data in order to personalise the content and advertising provided and to analyse the traffic on our website. This technology is also used by our Partners in the same way. Cookies are IT data saved in files and stored on your end device (i.e. your computer, tablet, smartphone, etc.). Your browser sends this data to the server each time you access a page from your device while visiting various pages on the internet.

By accepting cookies, you consent to the processing of your personal data collected in connection with your visit to our website, including its processing in cookies etc. installed on your devices and read from these files by Aserto Sp. z o.o. and Partners. You can do so by clicking on the "I accept" button. Your consent is voluntary. You can change your preferences regarding the consent you have given at any time, including even withdrawing it completely, by following our privacy policy. The above consent applies to processing for marketing purposes other than Aserto Sp. z o.o. and Partners' own purposes. At the same time, we would like to inform you that Aserto Sp. z o.o. and Partners, within the framework of the online services provided by them, will process your data for their own marketing and recruitment purposes described in detail above based on their legitimate interest as a controller.

 

Cookie policy:

Our Website does not automatically collect any information except that contained in cookies.

Cookies are IT data, in particular text files, which are stored in the Service User's end device and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.

Cookies are used for:

  • adapting the content of the Website pages to User preferences and optimising the use of the websites; in particular, these files allow for recognition of the Website User's device and appropriate display of the website, adapted to his/her individual needs;
  • creating statistics that help us understand how visitors to the Website use the websites, which enables us to improve their structure and content;
  • maintaining the session of the Service User..

In many cases, the web browsing software (web browser) allows cookies to be stored on the User's end device by default. Users of the Website may change their settings regarding cookies at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the settings of a web browser or inform on their each time placing in the equipment of a User of the Service. Detailed information on the possibility and methods of using cookies is available in the settings of your software (web browser).

 

Data security:

We have taken precautions to protect your personal information from random loss, use or access by unauthorised persons, alteration or disclosure. In addition, we restrict access to your personal data to only employees, agents, contractors and other third parties who have a genuine need to access it. They will only process your personal data in accordance with our guidelines and will be bound by confidentiality clauses. We have also implemented procedures to respond appropriately to suspected data leaks and will notify users and relevant controllers of data leaks when we are required to do so by applicable law.

Search engine powered by ElasticSuite