1. Definitions

1.1. Controller – Apius Technologies S.A. with its registered office in Kraków (31-523), address: ul. Moniuszki 50, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków Śródmieście in Kraków, XI Commercial Division of the National Court Register under the number KRS: 0000565486, NIP [Taxpayer Identification Number]: 9452155088.

1.2. Personal Data – any information about an individual identified or identifiable by one or several specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including IP of a device, location data, Internet ID and information collected through cookies or other similar technology.

1.3. Policy – this Privacy Policy.

1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. Website – website maintained by the Controller at the following address: www.apius.pl.

1.6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

2. Processing of data in connection with the use of the Website

2.1. In connection with the use of the Website by the User, the Controller collects data to the extent necessary to provide particular services, as well as information about the User’s activity on the Website. The detailed rules and purposes of processing of Personal Data collected during the use of the Website by the User are described below.

3. Purposes and legal basis for the processing of data on the Website

USAGE OF THE WEBSITE

3.1. The personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies), who are not registered Users (i.e. persons who did not create their profile on the Website), are processed by the Controller:

3.1.1. for the purpose of providing electronic services consisting in providing Users with access to the content stored on the Website – the legal basis for the processing is the necessity of carrying out the processing in order to perform the agreement (Article 6 (1)(b) GDPR);

3.1.2. for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in conducting analyses of the Users’ activity and preferences in order to improve the functionalities and services provided;

3.1.3. in order to establish and exercise potential claims or defend against claims – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in protecting the Controller’s rights;

3.1.4. for marketing purposes of the Controller and other entities, in particular related to displaying behavioural advertising – the rules concerning the processing of Personal Data for marketing purposes are described in the MARKETING section below.

3.2. The User’s activity on the Website and their Personal Data are recorded in system logs (data created with the use of special computer software used to collect and store chronological records containing information about events and activities concerning the IT system that is used to provide services by the Controller). The information collected in the logs is processed primarily for the purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, to ensure the security and management of the IT system, as well as for analytical and statistical purposes – in this respect, the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) the GDPR). 

CONTACT FORMS

3.3. The Controller provides the possibility of contactvia electronic contact forms. The use of the contact form requires the provision of Personal Data necessary to make it possible for the Controller to contact the User and to respond to the inquiry. The User may also provide other information to facilitate the communication or inquiry handling. Providing data marked as obligatory is required for accepting and handling the inquiry. Failure to provide such data makes it impossible for the Controller to handle the inquiry. Providing other data is voluntary.

3.4. The Personal Data are processed:

3.4.1. for the purpose of identifying the sender and handling the sender’s inquiry sent via the contact form – the legal basis for the processing is the necessity of carrying out the processing in order to perform the service agreement (Article 6 (1)(b) GDPR); when it comes to the data provided optionally, the legal basis for the processing is an individual’s consent (Article 6 (1)(a) GDPR); 3.4.2. for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in conducting statistics of inquiries submitted by Users through the Website in order to improve its functionalities.

3.4.2. for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in conducting statistics of inquiries submitted by Users through the Website in order to improve its functionalities.

4. Marketing

4.1. The Controller processes the Personal Data of the Users for the purpose of carrying out marketing activities, which may include:

4.1.1. showing the User marketing content that is not adapted to their preferences (contextual advertising);

4.1.2. conducting other activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).

CONTEXTUAL ADVERTISING

4.2. The Controller processes the Personal Data of the Users for marketing purposes in connection with addressing contextual advertising to the Users (i.e. advertising that is not tailored to the User’s preferences). The processing of Personal Data is then carried out with respect to the Controller’s legitimate interest (Article 6(1)(f) GDPR).

DIRECT MARKETING

4.3. The Personal Data of the User may also be used by the Controller for the purpose of addressingmarketing content to the User via various channels, i.e. e-mail, MMS / SMS or telephone. Such actions are taken by the Controller only if the User has given their consent, which may be withdrawn at any time.

4.4. In certain cases, the Controller may also carry out direct marketing via traditional post mail. The User will be informed separately of the Controller’s intention to conduct such marketing. The User has the right to object to such type of marketing.

5. Social networking websites

5.1. The Controller processes Personal Data of the Users visiting the Controller’s profiles in social media (e.g. YouTube, LinkedIn, Twitter). Such data are processed only in connection with the profile management, which includes informing the Users about the Controller’s activity and promoting various types of events, services and products. The legal basis for the processing of the Personal Data by the Controller for such purpose is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in promoting its own brand.

6. Cookies and similar technology

6.1. Cookies are small text files installed in the device of a User who visits the Website. Cookies collect information that facilitates the use of a website – e.g. by remembering the User’s visits to the Website and the activities carried out by the User.

“SERVICE” COOKIES

6.2. The Controller uses the so-called service cookies primarily to provide the User with services rendered electronically and to improve the quality of such services. Therefore, the Controller and other entities providing analytical and statistical services to the Controller use cookies to store information or gain access to information already stored in the User’s telecommunications terminal device (computer, telephone, tablet etc.). Cookies used for this purpose include:

6.2.1. cookie files with data entered by the User (session ID) for the duration of a session (user input cookies);

6.2.2. authentication cookies used in order to provide services that require authentication for the duration of a session;

6.2.3. cookies used for security purposes, e.g. to detect authentication abuse (user centric security cookies);

6.2.4. multimedia player session cookies (e.g. flash player cookies) for the duration of a session;

6.2.5. permanent cookies used to customise the User interface for the duration of a session or a little longer (user interface customisation cookies).

7. Analytical and marketing tools used by the Controller’s partners

7.1. For analytical and marketing purposes, the Controller and the Controller’s Partners use various solutions and tools. Please find below basic information about those tools. For details please refer to the privacy policy of a particular Partner.  

8. Management of cookie settings

8.1. The use of cookies in order to collect data, which includes getting access to data stored in the User’s device, requires the User’s consent. Such consent may be withdrawn at any time.

8.2. The permission is not required only in the case of cookies the use of which is necessary for the provision of a telecommunications service (data transmission in order to display content).

8.3. The consent for the use of cookies may be withdrawn by changing the browser settings. Detailed information on this subject can be found at the following addresses:

8.3.1. Internet Explorer: https://support.microsoft.com/...

8.3.2. Mozilla Firefox: http://support.mozilla.org/pl/...

8.3.3. Google Chrome: http://support.google.com/chro...

8.3.4. Opera: http://help.opera.com/Windows/...

8.3.5. Safari: https://support.apple.com/kb/P...

8.4. The User may at any time verify the status of the current privacy settings in their browser by using the tools available at the following addresses:

8.4.1. http://www.youronlinechoices.c...

8.4.2. http://optout.aboutads.info/?c...

9. Personal Data processing period

9.1. The period of data processing by the Controller depends on the type of service that is provided and the purpose of processing. As a general rule, data shall be processed as long as the service is being provided or the order is being carried out, until the consent is withdrawn or an effective objection to the processing of data is filed in those cases where the legal basis for the data processing is the Controller’s legitimate interest.

9.2. The processing period may be extended if processing is necessary to establish and exercise potential claims or to defend against claims, whereas after that time – only if and to the extent that it is required by applicable laws. After the expiry of the processing period, the data shall be irretrievably deleted or anonimised.  

10. User’s rights

10.1. The User has a right to access their data and to demand their rectification, deletion, restriction of processing, the right to transfer the data and the right to object to the processing, as well as the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.

10.2. If the User’s data are processed on the basis of a consent, such consent may be withdrawn at any time by contacting the Controller or by using the functions available on the Website, including the contact form https://apius.pl/en/contact.

10.3. The User has a right to object to data processing for marketing purposes, where the processing is carried out with respect to the Controller’s legitimate interest, as well as – for reasons related to the User’s particular situation – in other cases where the legal basis for the processing is the Controller’s legitimate interest (e.g. for analytical and statistical purposes).

10.4. More information about the rights arising from GDPR can be found here.

11. Data recipients

11.1. In connection with the provision of services, Personal Data will be disclosed to third parties, including suppliers responsible for the maintenance of IT systems, marketing agencies (within the scope of marketing services) and entities related to the Controller.

11.2. The User’s data may also be shared with other entities for their own purposes, including marketing purposes, provided that the User gives their consent to that.

11.3. The Controller reserves the right to disclose selected information concerning the User to the competent authorities or third parties, which will request such information based on the appropriate legal basis and in accordance with the provisions of applicable laws.

12. Transmission of data outside the EEA

12.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that ensured by the European law. For this reason, the Controller shall transfer Personal Data outside the EEA only when necessary and after providing an adequate level of protection, in particular by:

12.1.1. cooperation with entities processing Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the adequacy of the protection of Personal Data;

12.1.2. use of standard contractual clauses issued by the European Commission;

12.1.3. application of binding corporate rules approved by a relevant supervisory authority;

12.1.4. in the case of data transfer to the USA – cooperation with entities participating in the Privacy Shield programme approved by a decision of the European Commission.

12.2. The Controller shall always inform about the intention to transfer Personal Data outside the EEA at the stage of their collection.

13. Personal Data security

13.1. The Controller shall conduct risk analysis on an ongoing basis in order to ensure that Personal Data is processed in a secure manner – which should guarantee, first of all, that only authorised persons have access to the data and only to the extent that it is necessary due to their duties and tasks. The Controller shall ensure that the actions involving the use of Personal Data are registered and carried out only by authorised employees and co-workers. 13.2. The Controller shall take all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller. 

14. Contact details

14.1. The Controller may be contacted via e-mail: daneosobowe@apius.pl or by traditional post mail: ul. Stanisława Moniuszki 50, 31-523 Kraków with a note:  ”Personal Data Protection”.

14.2. The Controller has appointed a Personal Data Protection Coordinator, who may be contacted by e-mail: daneosobowe@apius.pl in every case concerning the processing of Personal Data. The Coordinator shall not act as Data Protection Officer.

15. Amendments to the Privacy Policy.

15.1. The adequacy of the Policy shall be monitored on an ongoing basis and updated when necessary.

15.2. The current version of the Policy has been adopted and has been in force since 13.03.2019.