valid from July 29, 2019
This privacy policy contains the terms adopted by:
myREST Sp. z o.o. registered office in Kraków (30-347 Kraków, ul. Kapelanka 12), registered by the District Court for the capital city of Kraków-Śródmieście in Kraków, Commercial Division under KRS number: 0000747514, with the share capital of PLN 5,000.00 contributed in full, NIP 6762554361, REGON 0000747514, principles of processing personal data collected from users of the www.myREST.io service (hereinafter referred to as the "Service").
The Privacy Policy document, located in the company's domains, is a manifestation of concern for the rights of persons visiting the Service and using the services offered through it.
Document:
– indicates the types of personal data we collect;
– explains how and why we collect and use personal data;
– explains when and why we will share personal data with other organisations;
– explains the rights and choices you have regarding your personal data.
It also fulfils the information obligation arising from:
Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L119, 4.05.2016, p. 1) (hereinafter referred to as "GDPR").
Personal Data
1. Personal data – in accordance with the provisions of Article 4, point l) of the GDPR means information about an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data administrator
2. The administrator of the personal data of Service Users is:
myREST Sp. z o.o. with its registered office in Kraków (30-347 Kraków, ul. Kapelanka 12), registered by the District Court for the capital city of Kraków-Śródmieście in Kraków, Commercial Division under the KRS number: 0000747514, with the share capital of PLN 5,000.00 contributed in full, NIP 6762554361, REGON 0000747514.
Email to the person responsible for personal data protection [email protected]
Basis, purpose and scope of processing
3. The data administrator declares that it processes users’ personal data in accordance with:
(Article 6(1)(b) – i.e. processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; or (Article 6(1)(a) – i.e. based on the consent of the data owner in the case of marketing use.
4. The data controller processes personal data in order to fulfill the contract or for the purpose indicated in the consent. The data controller processes them only to the extent necessary for these purposes and for the time necessary to fulfill the contract, or until the consent is withdrawn by the Service user.
5. The Administrator Service, located at myREST.io, collects the following personal data of Service users:
- name and surname
- email
- phone number
6. The recipients (processors of entrustment) of personal data will be: the entity providing maintenance support for the myREST.io service and entities providing IT support for myREST sp. z o.o., including entities from outside the European Economic Area. The exchange of personal data with these entities is regulated by a data entrustment agreement.
7. Personal data of Service Users are not made available to third parties, except when such disclosure results from applicable legal provisions obliging the Personal Data Administrator to transfer them to authorized entities.
8. The Administrator collects service logs, but does not associate them in any way with personal data. Statistics can be generated based on log files to assist in administration. Collective summaries in the form of such statistics do not contain any features identifying persons visiting the Service.
User Rights. Right to access data
In accordance with Articles 15–22 of the GDPR, every User has the following rights:
1. Right of access to data (Article 15 of the GDPR)
The data subject is entitled to obtain from the Controller confirmation as to whether personal data concerning him/her are being processed and, if so, is entitled to access them. In accordance with Article 15, the Controller shall provide the data subject with a copy of the personal data undergoing processing.
2. The right to rectification (Article 16 of the GDPR)
The data subject has the right to demand that the Administrator immediately rectify any personal data concerning him or her that is incorrect.
3. The right to erasure (“the right to be forgotten”) (Article 17 GDPR)
The data subject has the right to demand that the Controller immediately delete his or her personal data, and the Controller is obliged to delete personal data without undue delay if one of the following circumstances occurs:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject has withdrawn the consent on which the processing is based;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing.
4. Right to restrict processing (Article 18 GDPR)
The data subject has the right to request that the controller restrict processing in the following cases:
a) When the data is incorrect – in time for its correction.
b) The data subject has objected to the processing under Article 21(1) – pending the determination of whether the legitimate grounds on the part of the Controller override the grounds for objection of the data subject.
c) The processing is unlawful and the data subject opposes the deletion of the personal data, requesting instead the restriction of their use.
5. Right to data portability (Article 19 GDPR)
6. 6. Right to object
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his or her personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
7. The User may exercise their rights by sending an appropriate request to the address [email protected]. The request, for the purpose of correct identification, should be sent from the email address from which the registration was made. This is the implementation of Article 12, paragraph 6 of the GDPR. The request may also be submitted by mail - by sending a registered letter containing such a request to the correspondence address of the Company run by the Data Controller.
8. In accordance with the provisions of law, the Administrator shall provide the person who submitted the request with a response on the actions taken within one month. If the Administrator does not take such actions, it shall inform the person submitting the request of this fact.
9. You have the right to lodge a complaint with the Supervisory Authority regarding the Administrator's actions.
Security
The service is secured with measures to protect personal data that are under the Administrator's control, against their loss, misuse and modification. The Administrator also has appropriate documentation and has implemented appropriate procedures for the protection of personal data in the company.
The Administrator ensures that all disclosed information is protected in accordance with applicable security regulations and standards, in particular:
a) Only authorized employees or associates of the Data Controller and authorized persons involved in the operation of the Service who have been granted appropriate powers of attorney have direct access to personal data collected by the Data Controller in accordance with Article 29 of the GDPR.
b) The Administrator declares that by commissioning other entities to provide services, it requires its partners, in accordance with disposition 28 of the GDPR, to ensure appropriately high standards of protection of the entrusted personal data, to sign appropriate entrustment agreements in which the partners confirm the application of standards and the right to control the compliance of these entities' activities with these standards.
c) In order to ensure proper protection of the services provided by it electronically, the Service Administrator applies a high level of security, including cryptographic protection of personal data transmission (SSL protocol) in accordance with Part C of the Regulation of the Minister of Internal Affairs and Administration of 29 April 2004 on personal data processing documentation and technical and organizational conditions that should be met by devices and IT systems used to process personal data (Journal of Laws No. 100, item 1024).
d) Due to the public nature of the Internet, the use of services provided electronically may involve risks, regardless of the exercise of due diligence by the Data Controller.
Cookies mechanism. Links to other sites
Some areas and functions of the Service may use cookies, which are text files saved on the user's computer, identifying the user in a way necessary to enable certain operations. Cookies are used, among other things, to remember data necessary for logging in the user. The condition for cookies to work is their acceptance by the browser and not deleting them from the disk.
Cookies
1. The website uses "session" cookies (saved until you leave the website, close your browser) and permanent cookies (saved on your computer for a specified period of time).
2. Users of the pages can change the settings in this regard. The web browser allows deleting and blocking files. Detailed information on this subject is included in the help or documentation of the web browser.
3. Disabling cookies will most likely limit or block some of the site's functions.
4. Information on managing cookies in individual browsers can be found on the websites dedicated to the individual browsers:
Firefox: https://support.mozilla.org/pl/kb/ciasteczka
IE: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
Chrome: https://support.google.com/chrome/answer/95647?hl=pl
Opera: http://help.opera.com/Linux/12.10/pl/cookies.html
Safari: https://support.apple.com/pl-pl/HT201265
Additional information about cookie management can be found on websites such as:
Third party cookiess
1. The myREST.io website uses third-party cookies – Google Analytics – more information can be found at: google.com/analytics/learn/privacy.html.
2. Cookies used on myREST.io websites do not contain personal data.
Changes to Privacy Policy
1. The Service Administrator reserves the right to change the above privacy policy at any time and in any place, committing to publish the new privacy policy on the Service pages as soon as possible and then informing all registered Users about it.
2. The Data Administrator reserves the right to introduce changes, withdraw or modify the functions or properties of the Service websites, as well as to discontinue operations, transfer rights to the Service and perform any legal actions that are permitted by applicable law.