- visit website https://www.codibly.com/ (hereinafter referred to as the “Service“),
- use CODIBLY social network accounts on:
- Facebook https://www.facebook.com/Codibly/,
- Clutch https://clutch.co/profile/codibly
- LinkedIn https://www.linkedin.com/company/codibly/
(hereinafter jointly referred to as the „Social Network Profile”),
- contact CODIBLY (i.a. by phone, e-mail), in particular through:
- contact form: „Contact form”, „Request for proposal”,
- recruitment form: „Application form” (hereinafter referred to as the „Candidates”),
- marketing form: “download case study”, “download White Paper”
- are employees, associates or representatives of CODIBLY’s contractors and clients,
- participate in events and recruitment procedures held by CODIBLY
(hereinafter referred to as “Users”).
Controller is CODIBLY spółka z ograniczoną odpowiedzialnością sp.k. [Polish Limited Liability Company Limited Partnership] with its registered office in Kraków (KRS: 0000517007), at Długa 72 Street, 31-146 Cracow. Users may contact the Controller, by the following means:
- by mail to the following address: ul. Długa 72, 31-146 Kraków;
- by e-mail: [email protected]
The Controller has not appointed the personal data inspector.
While running the Social Network Profile the Controller co-administrates the data with entities running the appropriate profiles (in particular Facebook Ireland).
Objectives of processing of personal data and the legal basis for processing
User’s personal data shall be processed for the following purposes and under the following legal basis:
- responding to inquiries from Users and contacting Users regarding matters they addressed the Controller on, in particular by sending him an e-mail, through contact forms on the Service or by chat on the Social Media Profile. The legal basis for data processing is legally justified interest of the Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in the necessity to reply to the Users;
- sending marketing materials (such as case studies, white papers, presentations) to the Users who addressed the Controller. The legal basis for data processing is User’s consent to receive marketing materials (pursuant to the Article 6 section 1 letter a of GDPR);
- conducting recruitment procedure for those who gave their consent to it and sent the Controller their CV. The legal basis for data processing is the necessity to act on Candidate’s request prior to conclusion of employment contract or a civil law contract (pursuant to the Article 6 section 1 letter b of GDPR), necessity to fulfil the obligation resulting from Article 22(1) of the Labour Code (pursuant to the Article 6 section 1 letter a of GDPR) and legally justified interest of the Controller (pursuant to the Article 6 section 1 letter f of GDPR) which is the staff recruitment procedure;
- registration of Users for the event they expressed their willingness to participate (e.g. conference, workshop or webinar, allowing them to attend the event, including sending information on the programme of the event etc. The legal basis for data processing is legally justified interest of the Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in organizing the event, including ensuring participation of the Users;
- controlling and analyzing the movement on the Service and Social Media Profile as well as conducting marketing activities. The legal basis for data processing is legally justified interest of the Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in promoting the services of Controller;
- contacting Users in current affairs, in particular regarding performance of agreements concluded between the Controller and the User, submitting bids, receiving requests and orders, answering questions. The legal basis for data processing is legally justified interest of the Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in necessity of constantly contacting the contractors of the Controller;
- implementation of the agreements concluded between the Controller and the User, including receiving and performing orders, submitting of orders, concluding contracts, carrying out activities in the field of accounting, accounting services, debt collection. The legal basis thereof is the necessity to perform the contract or take action prior to entering into a contract with the User (pursuant to the Article 6 section 1 letter b of GDPR), as well as the legally justified interests of the Controller (pursuant to the Article 6 section 1 letter f of GDPR), consisting in necessity of the correct implementation of agreements with contractors;
- fulfilment of legal obligations imposed on the Controller, in particular under the provisions of tax law (pursuant to the Article 6 section 1 letter c of GDPR);
- determining, securing and the pursuing possible claims of both the Controller and the User. The legal basis is a legally justified interest of the Controller (pursuant to the Article 6 section 1 letter f of GDPR) consisting of the possibility of determining, pursuing or defending claims.
Categories of references to the data
The Controller processes personal data of the Users necessary to implementation of the objectives mentioned hereinabove, in particular identification data, contact details and information on the employer as well as data posted on the User’s Social Media Profile, including information on the devise used by the User, its country of origin, the web browser or IP used by the User.
The recipients of data (categories of recipients)
The Users’ personal data may be shared with external entities providing services to the Controller, such as accounting services as well as IT services providers, including e-mail and providing services to the contractors. The Controller may share the personal data with entities based in the non-EU and non-EOG third countries (including i.e. Amazon Web Services, Inc, Google LLC or Facebook Inc) only if the adequate level of protection in the said country has been established.
The entities with which the Controller shares the data of the Users are participants of the Privacy Shield, which guarantees an appropriate level of data securing. More information is available at: https://www.privacyshield.gov/.
The entities receiving User’s personal data due to viewing their Social Network Profile may use them to display the content matching the User’s searching history (profiling) based on the previous websites that the User visited. This applies in particular to Google and Facebook services. The Controller does not conduct automated processing of the User’s data.
The period of storage of personal data
We will store the Users’ data for the period necessary to achieve the objectives set out here in above. If:
- the User’s personal data are processed in connection with the contract concluded with the User, his employer or entity, which the User represents the Controller will store for a period of performance of the contract and to the necessary extent – for 5 years from the end of the calendar year in which the payment of the tax became past due in connection with the conclusion and implementation of the agreement or longer if required by law,
- the User contacted the Controller – the data will be processed for the time necessary for the purpose of contacting the User and for a period of 2 years from the termination of the contract,
- the User’s personal data are processed in connection with using the Social Media Profile – for the period of having an account on the said Social Media (subscribing, liking, commenting),
- the User’s personal data are processed on the basis of the consent – until the consent is withdrawn.
If the User’s personal data will no longer be necessary for the purposes for which they were processed, the Controller will keep them in order to determine, pursue or defend potential claims of both the Controller and the User only for periods of limitation set out in the provisions of law.
The consequences of failure to provide personal data
Except in cases in which providing personal data is legally required, the provision of personal data is entirely voluntary, however the failure to provide them may impede or prevent us from achieving objectives set out here in above.
Information on automated decision-making
The Users’ data will not be processed in an automated way, also it will not be processed in the form of profiling by the Controller.
The source of personal data
The User’s personal data, which are not collected directly from the Users, may be obtained from their employers, associates or entities that the User represents. The Controller may also process personal data derived from the sources accessible to the public.
Rights related to the processing of personal data
The User is entitled to the following rights related to the processing of personal data:
- the right of access to personal data, the right to request rectification, erasure or restriction of processing of personal data, as long as these rights are not excluded or restricted by the provisions of law;
- the right to transfer the personal data, i.e. the right to receive personal data in a structured, commonly used machine-readable format. The User may send the data to another Controller of personal data or demand sending the data to another controller. However, we will do so only if such transfer is technically possible;
- the right to withdraw consent to the processing of the personal data, when the User’s data are being processed upon their consent;
- The right to lodge a complaint to the authority – the President of the Personal Data Protection Office.
- Other rights arising from generally applicable provisions of law.
In order to use these rights, please contact the Controller.
What are cookies?
Cookies are online data, in particular text files that are stored in the User’s terminal device (computer, mobile phone, tablet). Primarily, they contain the name of the website of its origin, their unique number, time of storage on the terminal device. Through the cookies the statistical information about Users’ traffic, visitor activity and the way of using of the Service are delivered to the Controller. They allow to customize the content and services to the preferences of the User.
What are cookies used for?
- The cookie mechanism is not used to obtain any information about the Users, except for their behavior on the Site.
- The Controller stores the cookies on the Users’ computers in order to:
- properly adjust the Service to the Users’ needs and optimize the use of the websites;
- remember the preferences and personal user settings, recognizing the device and ensuring the proper viewing of a website tailored to their needs (full and mobile version of the page);
- create the viewing statistics of the Service that helps to understand how the Users use the websites, which allows to improve their structure and content;
- maintain the User’s sessions (after logging in), so the User does not have to re-enter login and password on every page of the Service.
- Due to the Facebook, Instagram and LinkedIn plug-ins being placed in the Service, the cookies may also facilitate the Social Media to record the presence of the User on the Service website and to adjust the displayed commercials to the activity of the User.
What are the types of cookies?
In the Service there are used the two basic types of cookies:
- a “session” ones (“session cookies”) and
- “permanent” ones (“persistent cookies”).
The session cookies are temporary files that are stored in the User’s terminal device until logging out time, leaving the website or disabling the software (web browser). The permanent cookies are stored in the User’s terminal device for the time specified in the cookie files parameters or until removal thereof by the User.
In the Service, the following types of cookies are being used:
- the “essential” cookies, enabling the use of the services available through the Service, e.g. authentication cookie files used for services that require authentication through the Service;
- the cookies used to ensure safety, e.g. used to detect misuses in the field of authentication through the Service;
- the “performance” cookies, enabling the collection of information about the manner of using the websites of the Service;
- the “functional” cookies, enable to “remember” the settings chosen by the User and personalize the User’s interface, e.g. in terms of the chosen language or region the User comes from, the font size, the design of the website, etc.
How to block the cookies?
In many cases, web browsers allow to store cookies in the User’s terminal device by default. Service Users may change the settings for cookies at any time, for example in order to block the automatic enabling of cookies or to inform the User about them being enabled into the Service User’s device. Detailed information about the possibilities and ways of enabling cookies are available in the browser settings or at the following websites:
Moreover the User may block sharing to Google Analytics about their activity on the Service by using the following means: https://tools.google.com/dlpage/gaoptout.
The Controller hereby informs that the limitations of using cookie files may affect some functions available on the Service websites.