BlogOferta Logowanie / Rejestracja

Information Obligation GDPR

The following information is a concise, clear and transparent summary of the details contained in the Privacy Policy regarding the Data Controller, the purposes and methods of processing personal data, and your rights in connection with this processing, in the form required to fulfil the GDPR information obligation. Details on processing methods and the entities involved in this process are available in the indicated policy.

Who is the Data Controller?

The Personal Data Controller (hereinafter: the Controller) is the natural person “Jakub Asztemborski”, residing in Wrocław, providing services electronically via the Service.

How can you contact the Controller?

You can contact the Controller in one of the following ways:

  • Email – team@instantroom.pl
 

Has the Controller appointed a Data Protection Officer?

Based on Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data and what are the sources?

Data are obtained from the following sources:

  • Publicly available sources (e.g., company websites, industry portals) for the purpose of B2B contact
  • Directly from the data subjects
  • In the case of registration using social media, from those social media platforms with the informed consent of the data subjects

What is the scope of the personal data we process?

The Service processes ordinary personal data voluntarily provided by the data subjects (e.g., first and last name, username, email address, phone number, IP address, etc.).

The detailed scope of the processed data is available in the Privacy Policy.

What are the purposes of processing?

Initiating business contact with persons representing companies whose data have been obtained from publicly available sources, as part of direct marketing of services provided by the Controller (based on Article 6(1)(f) GDPR – legitimate interests).

Personal data voluntarily provided by Users are processed for one of the following purposes:

  • Provision of electronic services:
    • Registration and maintenance of a User account in the Service and related functionality
    • Newsletter service (including sending advertising content with consent)
    • Commenting/liking posts in the Service without the need to register
  • Communication by the Controller with Users on matters related to the Service and data protection
  • Ensuring the Controller’s legitimate interests

What are the legal bases for processing?

The Service collects and processes Users’ data on the basis of:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
    • Article 6(1)(a): the data subject has given consent to the processing of their personal data for one or more specific purposes
    • Article 6(1)(b): processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract
    • Article 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party
  • Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
  • Telecommunications Law of 16 July 2004 (Journal of Laws 2004 No. 171, item 1800)
  • Act of 4 February 1994 on copyright and related rights (Journal of Laws 1994 No. 24, item 83)

What legitimate interests are pursued by the Controller?

  • Conducting direct marketing of the Controller’s products and services towards persons acting professionally on behalf of organizations (B2B contact)
  • For the potential establishment, exercise or defence of claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) consisting in the protection of our rights, including among others
  • Assessing the risk of potential clients
  • Assessing planned marketing campaigns
  • Carrying out direct marketing

For how long do we process personal data?

As a rule, the indicated personal data are stored only for the period of providing the service within the Service operated by the Controller. They are deleted or anonymized within 30 days from the end of service provision (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).

In exceptional situations, in order to secure the Controller’s legitimate interests, this period may be extended. In such a case, the Controller will store the indicated data, from the time of the User’s request for deletion, for no longer than 3 years in the event of a violation or suspected violation of the Service’s Terms by the data subject.

Who are the recipients of the data, including personal data?

As a rule, the sole recipient of the data is the Controller.

However, processing may be entrusted to other entities providing services to the Controller in order to maintain the operation of the Service. Such entities may include, among others:

  • Hosting companies providing hosting or related services to the Controller
  • Companies through which the Newsletter service is provided
  • Companies through which SEO/SEM services may be provided
  • IT service and support companies performing maintenance or responsible for maintaining IT infrastructure

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union, unless it has been published as a result of an individual action by the User (e.g., posting a comment or an entry), which will make the data available to any person visiting the Service.

Will personal data be used for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have in connection with the processing of personal data?

  • Right of access
    Users have the right to obtain access to their personal data upon request submitted to the Controller.
  • Right to rectification
    Users have the right to request the Controller to promptly rectify inaccurate personal data and/or complete incomplete personal data, upon request submitted to the Controller.
  • Right to erasure
    Users have the right to request the Controller to promptly delete personal data, upon request submitted to the Controller. In the case of user accounts, deletion consists of anonymizing data that allow the User to be identified. In the case of the Newsletter service, the User can delete their personal data independently by using the link included in every email.
  • Right to restriction of processing
    Users have the right to restrict processing in the cases indicated in Article 18 GDPR, including contesting the accuracy of personal data, upon request submitted to the Controller.
  • Right to data portability
    Users have the right to obtain from the Controller personal data concerning them in a structured, commonly used and machine-readable format, upon request submitted to the Controller.
  • Right to object
    Users have the right to object to the processing of their personal data in the cases specified in Article 21 GDPR, upon request submitted to the Controller.
  • Right to lodge a complaint
    Users have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.