1. Definitions
1.1. Administrator – Masterio sp. z o.o., ul. Rzepińska 1, 66-400 Gorzów Wlkp., TAX ID PL5993253877, KRS 0000879313, REGON 387967417, Regional Court in Zielona Góra — VIII Economic Department of National Court Registry.
1.2. Personal data – information about a person identified or identifiable by one or several specific physical, physiological, genetic, psychological, economical, cultural or social identity factors, including device IP, Internet ID or information gathered through cookies and similar technologies.
1.3. Policy – this Privacy policy document
1.4. GDPR – European Parliament and Council Regulation (UE) 2016/679 of April 27th, 2016 relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data and revoking of 95/46/EC directive.
1.5. Website – Internet website run by the Administrator at www.masterio.pl.
1.6. User – each and every natural person visiting the Website or using at least one services or functionalities described herein.
2. Processing of personal data in connection to using the Website.
2.1. The Administrator collects data essential to providing all offered services every time a User uses the Website. Below are detailed rules and goals connected with the processing of personal data collected while a User uses the Website.
3. Goals and legal foundations of processing of personal data on the Website
A) Using the Website
3.1. Personal data of all persons using the Website are processed by the Administrator:
3.1.1. In order to provide Users with the content of the Website via Internet – processing is necessary for the performance of a contract (GDPR art. 6 pt. 1 let. b);
3.1.2. in order to establish and vindicate claims or to protect against claims – processing is necessary for the purposes of the legitimate interests pursued by the Administrator (GDPR, art. 6. pt. 1 let. f), i.e. to protect its legal rights.
B) Contact form
3.2. The Administrator provides a way of communication by means of an online contact form. Using the form requires providing personal data essential to establish a contact with the User and answer an inquiry. The User may provide other data in order to facilitate contact or handling of the inquiry. Providing data marked as compulsory is essential in order to registering and handling of the inquiry and failure to provide such data will result in the inability to process and handle the inquiry. Providing all other data is voluntary.
3.3. Personal data are processed in order to identify the sender and the processing of the inquiry submitted via the provided form – processing is necessary for the performance of a contract (GDPR art. 6 pt. 1 let. b); with regard to data submitted voluntarily – processing is performed based on a consent to provide data (GDPR art. 6 pt. 1 let. a).
C) Marketing
3.4. User’s personal data can be used by the Administrator to provide user with marketing-oriented content via different channels, i.e. via email or text/multimedia messages. Such actions are performed by the Administrator only when the User has given a consent, which can be withdrawn at any moment.
3.5. Personal data is processed:
3.5.1. in order to send ordered commercial information – processing is necessary for the purposes of the legitimate interests pursued by the Administrator (GDPR, art. 6. pt. 1 let. f), in connection with a consent from the User.
3.5.2. for analytical and statistical purposes – processing is necessary for the purposes of the legitimate interests pursued by the Administrator (GDPR, art. 6. pt. 1 let. f), i.e. to analyze User activity on the Website in order to improve functionality.
4. Cookies
4.1. The Administrator uses cookies on its Website. The goals and rules connected with cookies are detailed in Cookie policy.
5. The period of processing personal data
5.1. The period of processing personal data by the Administrator depends on the service and goal of the processing. As a rule the data are processed during the supply of services period, until the User consent is withdrawn or an effective objection to processing the data is voiced when the processing is necessary for the purposes of the legitimate interests pursued by the Administrator.
5.2. The period of personal data processing may be prolonged if the processing is essential to establish and pursue claims or to protect against claims, and after that period only when it is required by law. After the period has ended the data are permanently deleted or anonymizated.
6. User privileges
6.1. The User has the right to the access to the data or to demand its refutation, deletion, restriction of processing, the right to transfer the data or the right to raise a complaint to a personal data protection supervisory body.
6.2. The User has also the right to voice an objection to data processing when it it done for the purposes of the legitimate interests pursued by the Administrator
6.3. When the data is processed based on the consent of the User, such consent can be withdrawn at any moment, by contacting the Administrator via email or the Website.
7. Personal data recipients
7.1. Personal data will be disclosed to third parties, including particularly IT service providers ensuring proper usage of the Website, in the capacity of the provision of services.
7.2. Upon User consent, the data may be disclosed to other parties for their purposes including marketing purposes.
7.3. The Administrator reserves the right to disclose chosen User information to proper authorities or third parties which require disclosure of such information, based on proper legal basis and within the law.
8. Data transfer outside the EEA
8.1. Personal data protection level outside the European Economic Area (EEA) differs from the European law. That is why the Administrator transfers data outside EEA only when it is necessary with appropriate level of protection mostly by:
8.1.1. cooperation with personal data processing parties in countries where the European Commission issued a decision concerning the appropriate level of personal data protection:
8.1.2. adhering to standard contractual clauses issued by the European Commission;
8.1.3. applying binding corporate rules approved by appropriate governing body.
8.2. The Administrator always informs the User about transferring personal data outside EEA upon its collection.
9. Personal data safety
9.1. The Administrator constantly analyzes risks in order to provide safety of the processed personal data – ensuring first of all that only authorized personnel has the access to the data and only in the capacity essential to perform their tasks. The Administrator ensures that all operations performed on the data were recorded and performed only by the authorized personnel and subcontractors.
9.2. The Administrator undertakes all essential actions to ensure that all subcontractors and third parties guarantee proper security measures every time they process the data by the Administrator's request.
10. Contact data
10.1. The Administrator can be reached via email (d.osobowe@masterio.pl) or the Contact us section of the Website.
11. Changes to Privacy policy
11.1. The Policy is constantly monitored and updated if necessary.
11.2. The current version of the Policy has been adopted and is effective as of September 1st, 2023.