Privacy and Cookies Policy for the Internet Service

Privacy Policy

GENERAL INFORMATION

This document defines the rules of the Privacy Policy on the www.xtrf.eu Internet Service (hereinafter referred to as the “Internet Service”). The Administrator of the Internet Service is XTRF MANAGEMENT SYSTEMS spółka akcyjna (joint-stock company), with its seat in Cracow, 5 Walerego Sławka Street, ZIP code 30-633 Cracow, Poland, entered into the Register of Entrepreneurs maintained by the District Court for Kraków-Śródmieście in Cracow, XI Commercial Division of the National Court Register, under the No. 735467, Taxpayer Identification Number (NIP): 6793045169, National Official Register of Business Entities (REGON) number: 121312964, with the share capital of PLN 188.700 paid in full.

Personal data collected by the Administrator of the Internet Service are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1), (hereinafter: the GDPR).

The Administrator of the Internet Service takes the utmost care to protect the privacy and the information provided thereto and related to users of the Internet Service. The Administrator selects and applies appropriate technical measures, including programming and organizational measures, to ensure the protection of personal data being processed, in particular, to secure the data against access by unauthorized entities, disclosure, loss and destruction, unauthorized modification, as well as illegal processing.

The Services available on the web page are not addressed to children under 16 years of age. The Personal Data Controller does not plan to intentionally collect data on children under 16 years of age.

PERSONAL DATA

Personal Data Controller

Your Personal Data Controller is:
XTRF MANAGEMENT SYSTEMS SA
5 Walerego Sławka Street,
30-633 Cracow, Poland

You may contact the Personal Data Controller in matters related to your personal data by:

  • electronic mail: marketing@xtrf.eu;
  • traditional mail: ul. Walerego Sławska (street), number 5, (ZIP CODE) 30-633 Kraków, Poland.
The Purpose and the Legal Basis for Personal Data Processing

The Personal Data Controller processes your personal data for the following purposes and in the following scope:

  • to take action before concluding the contract at your request (i.e. to create your account), that is data provided in the registration form on the Internet Service, i.e. e-mail address, name and family name, telephone number; to provide Services which require the creation of the Account, we process your data specified in the Account, including data on implemented services and paid services;
  • to provide services which do not require that you create the Account, that is to browse the website of the Internet Services, use chat or other Services and to contact in relation with the use of the contact form, we process personal data related to your activity in the Internet Service, in other words information about content you browse, data on sessions of your device, operating system, browser, location, unique ID, IP address;
  • to perform the provision of Services Contract and allow to use functionalities that require the creation of an account, i.e. translation projects management, customers and translator base management, ordering translation, payment information management, users communications, we process personal data provided by you and forms as well as data regarding your activity on the Internet Service, i.e. data concerning the Services you are viewing, as well as session data, your device and operating system, browser, location and unique ID. Provision of some data is a prerequisite for using certain Services and account functionality (mandatory data). Our system automatically marks mandatory data. As a consequence of your failure to provide such data we will not be able to provide certain Services and functionalities of the Account. Contrary to data marked as mandatory, providing other personal data is voluntary;
  • to conduct statistics of the usage of particular functionalities available on the Internet Service, to facilitate the use of the Internet Service and to ensure IT security of the Internet Service, we process personal data regarding your activity on the Internet Service and the amount of time spent on each of the subpages on the Internet Service, your search history, location, IP address, device ID, data regarding to your internet browser and operating system;
  • to determine, investigate and enforce claims and defend against claims in court proceedings and before other enforcement authorities, we may process your personal data provided upon registration on the Internet Service (Account creation), ordering services and other data which may be necessary to prove the existence of the claim or which result from the legal requirement, court order or other legal procedure;
  • to resolve complaints, claims and requests and to answer users requests, we process the personal data provided by you in complaints, claims and requests, or to answer questions in another form, as well as data on the Services we provide that are the reason for the complaint, claim or request, and the data included in documents attached to complaints, claims and requests;
  • for market research and opinion polling by us or our partners, i.e. information about services, your data provided when using the services, e-mail address. We do not use data collected under market research and opinion polls for advertising purposes. The exact guidelines are included in information about a given survey or in a place of your data entering;
  • for marketing of our Services and services of our partners, including remarketing, we process personal data provided by you on creation of your Account and its updates, data about your activity on the Internet Service including activity recorded and stored via cookies, in particular the history of activity, ordered services, search history, clicks on the Internet Service, history and your activity related to our communication with you. For remarketing, we use data about your activity in order to reach you with our marketing messages outside of the Internet Service, and for this purpose we use the services of external suppliers. These are based on displaying our messages on web pages other than within the Internet Service. Further details are available in provisions regarding Cookies.
Categories of Personal Data Concerned

The Personal Data Controller processes the following categories of personal data concerned:

  • contact details;
  • data entered in the account;
  • data regarding ordered Services on the Internet Service;
  • data regarding providing Services to the user, including obligatory data to implement Service:
  • data regarding activity on the Internet Service;
  • data regarding complaints, claims and requests;
  • data on marketing services.
Voluntary Personal Data

Providing the required personal data by is voluntary and is a necessary condition for the provision of services by the Personal Data Controller via the Internet Service.

Data Processing Time

Personal data will be processed for the period necessary to execute services, carry out marketing activities and provide other services for the user. Personal data will be removed in the following cases:

  • when the data subject asks for their removal or withdraws his/her consent;
  • when the data subject does not take action for more than 10 years (inactive contact);
  • after receiving information that the stored data are out of date or inaccurate.

Some data, including e-mail address, name, and surname, may be stored for the next 3 years for evidence purposes, for consideration of complaints and claims related to services provided by the Internet Service – these data will not be used for marketing purposes.

Data regarding orders for paid services, competitions and loyalty programs will be kept for 5 years from the end of the calendar year in which the tax payment deadline expired.

Data regarding non-logged users are stored for a period of time corresponding to the lifecycle of cookies stored on the devices or until they are deleted by the user on the user’s device.

Your personal data regarding preferences, behaviors, and selection of marketing content may be used as a basis for making automatic decisions to determine the sales possibilities of the Internet Service.

Personal Data Recipients

We transfer your personal data to the following categories of recipients:

  • state authorities, e.g. prosecutor’s office, Police, President of the Office of Personal Data Protection, President of the Office of Competition and Consumer Protection, if they request so,
  • service providers that we use to run the Internet Service, e.g. to execute an order. Depending on contractual arrangements and circumstances, these entities act on our behalf or define the purposes and methods of data processing by themselves. The list of suppliers is available on our Web page under the following link: https://www.xtrf.eu/privacy-policy/suppliers/.
Rights of the Data Subject

Based on the GDPR, you have the right to:

  • request access to your personal data;
  • request rectification of your personal data;
  • request erasure of your personal data;
  • request restriction of personal data processing;
  • object to the processing of personal data;
  • request portability of personal data.

Personal Data Controller will provide you, without undue delay – and in any case within one month of receiving the request, with information about actions taken in connection with your request.

Before mentioned one month period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

In any event, the Personal Data Controller will inform you of such an extension within one month of receiving the request, giving the reasons for the delay.

The Right of Access to Personal Data
(Article 15 of the GDPR)

You have the right to obtain from the Personal Data Controller confirmation as to whether your personal data are being processed.

If the Controller is processing your personal data, you have the right to:

  • acquire access to personal data;
  • obtain information about the purposes of the processing, categories of personal data being processed, data recipients or categories of recipients, the envisaged period for which the personal data will
  • be stored or the criteria used to determine that period, information about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the data source,
  • automated decision-making, including profiling, and security measures used in connection with the transfer of these data outside the European Union;
  • obtain a copy of your personal data.

If you want to request access to your personal data, please submit your request to: marketing@xtrf.eu.

The Right to Erasure of Personal Data, So-called “Right to Be Forgotten”
(Article 17 of the GDPR)

You have the right to request the Personal Data Controller to erase your personal data when:

  • your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you have withdrawn your specific consent to the extent to which personal data were processed based on your consent;
  • your personal data have been unlawfully processed;
  • you have objected to the processing of your personal data for the purpose of direct marketing, including profiling, to the extent to which the processing of personal data is related to direct marketing;
  • you have objected to the processing of your personal data in connection with the processing necessary to perform the task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or a third party.

Despite submitting a request to erase personal data, the Personal Data Controller may process your data further for the establishment, exercise or defense of legal claims, about which you will be informed.

If you want to request the erasure of your personal data, please submit your request to marketing@xtrf.eu.

The Right to Submit a Request to Restrict the Processing of Personal Data
(Article 18 of the GDPR)

You have the right to request the restriction of your personal data processing when:

  • you contest the accuracy of your personal data – the Personal Data Controller will restrict the processing of your personal data for a period allowing to verify data accuracy;
  • the processing of your personal data is unlawful, but you oppose their erasure and request the restriction of their use instead;
  • your personal data are no longer needed for the purposes of the processing, but they are required for the establishment, exercise or defense of your legal claims;
  • you have objected to the processing of your personal data – pending the verification whether the legitimate grounds of the Controller override your grounds mentioned in your objection.

If you want to request restriction of your personal data processing, please submit your request to marketing@xtrf.eu.

The Right to Object to Personal Data Processing
(Article 21 of the GDPR)

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

  • the processing necessary to perform the task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Personal Data Controller or a third party;
  • processing for direct marketing purposes.

If you want to object to the processing of your personal data, please submit your objection to marketing@xtrf.eu.

The Right to Request the Personal Data Portability
(Article 20 of the GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit them to another personal data controller.

You may also request the Personal Data Controller to transmit your personal data directly to another controller (where technically possible).

If you want to request the personal data portability, please submit your request to marketing@xtrf.eu.

The Right to Withdraw Consent

You may withdraw your consent to the processing of your personal data at any time.

Withdrawal of consent to the processing of personal data does not affect the legality of the processing based on your consent before its withdrawal.

If you want to withdraw your consent to the processing of your personal data, please submit your request to marketing@xtrf.eu or use appropriate functionalities in the Account.

Complaint to the Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement.

In Poland, the President of the Personal Data Protection Authority is the supervisory authority within the meaning of the GDPR.

Cookies Policy

General Information

While browsing the pages in the Internet Service, cookie-files are used, hereinafter referred to as the Cookies, i.e. small text files stored in your terminal device in connection with the use of the Internet Service. Their use is aimed to ensure the correct operation of pages in the Internet Service.

These files allow to identify the software that you use and tailor the Internet Service to your individual needs.

Cookies usually contain the name of the domain from which they originate, their storage time on the device and the assigned value.

COOKIES

Security

The cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted or malicious software to get into your devices through cookies.

Types of Cookies

We use two types of cookies:

  • Session cookies: which are stored on your device and remain there until the end of a given browser session. The saved information is then permanently deleted from the memory of your device. The mechanism of session cookies does not allow you to download any personal data or any confidential information from your device.
  • Persistent cookies: which are stored on your device and remain there until they are deleted. They are not deleted from your device upon ending the session of a given browser or turning off the device. The mechanism of persistent cookies does not allow you to download any personal data or any confidential information from your device.
Objectives

We also use third-party cookies for the following purposes:

To learn the rules of using Cookies, we recommend reading the privacy policies of the aforementioned companies.

Cookies may be used by advertising networks, in particular by Google network, to display advertisements tailored to your preferences. For this purpose, information about your web trends or time of using the web page can be saved.

To view and edit information about your preferences collected by Google’s advertising network, you can use the tool available at https://www.google.com/ads/preferences/.

By using the web browser settings or by using the service configuration, you can change your Cookie settings by yourself and at any time, by specifying the terms of their storage and access to your device via Cookies. These settings can be changed, so as to block the automatic processing of Cookies in the web browser settings or to inform you each time when they are placed on your device. Detailed information on the options and ways of supporting Cookies is available in your software settings (web browser).