Privacy policy

Privacy and cookie policy of the noti.pl website
Poznań, October 20, 2020

I. Privacy and cookie policy for visitors to the website https://noti.pl/

II. Contact with contractors

III. Contact with employees and colleagues of the contractors

IV. Newsletter

The Controller attaches particular importance to respecting the privacy of natural persons using the services provided by him, therefore he has introduced this Policy containing information on the processing of personal data and other information, that does not constitute personal data, by the Controller.

In order to make it easier to find the right information regarding data processing, the Controller has divided the Policy into sections. Please refer to those relating to the processing of your data by the Controller.

The legal basis for the Policy is the GDPR - the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation).

V. Privacy and cookie policy for visitors to the website https://noti.pl/

1. Controller's data

The Controller of the personal data of users - people visiting the website available at: https://noti.pl/, is Noti sp. z o.o. with its registered office in Tarnowo Podgórne, ul. Sowia 19, 62-080 Tarnowo Podgórne, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, under KRS number: 0000440205, NIP: 7811881529, REGON: 302273135. The Controller carries out the processing of your personal data. The Controller pays special attention to respecting the privacy of users visiting his website.

2. Contact details to the Controller:

e-mail: biuro@noti.pl
tel.: +48 61 89 66 480

3. Personal data and other information about website users, purposes and grounds for processing

During the use of the website by a user, the Controller may access the user's personal data and other information that does not constitute his personal data.

The Controller may collect the user's personal data, which will be voluntarily provided by him on the website, e.g. by subscribing to the Newsletter. Depending on which channels the user communicates with the Controller and for what purpose the user provides his personal data to the Controller, the user should read the part of the Privacy Policy marked with numbers II-IV, where he will obtain full information about the principles and purposes of processing his personal data.

In addition to the personal data provided voluntarily by the user, in the manner referred to above, in connection with his use of the website, the Controller may also gain access to other information about the user that will be obtained in connection with the use of cookies and social plugins by the website. With the help of cookies, information about the user of the Controller's website can be processed or stored, which, within the meaning of the provisions of the GDPR, may be treated as personal data, because sometimes they allow the user to be identified. However, cookies are not used by the Controller to collect information that directly identifies the user (such as name and surname) and in many cases the information obtained through them will not be personal data.

Cookies are text files saved in the user's browser memory by the website. These files enable communication of certain information between the user's device and the website. Due to the period for which cookies remain stored in the browser's memory, one should distinguish session cookies, which are temporary files and remain in the browser's memory until the end of the session (closing the browser) and long-term cookies, the storage period of which may be longer and which may be stored on the user's device between sessions.

The Controller uses cookies that can be divided according to their purpose. These are: essential, functional, performance and advertising cookies. Detailed information on individual types of cookies along with a description of the purposes of each cookie used, the period of their operation and an indication of which third parties have access to them, are specified below.

Essential cookies enable the proper operation of the necessary functions of the Controller's website, such as setting privacy preferences, and are also used to ensure security. Essential cookies are processed by the Controller without the need to obtain the user's consent, in order to perform the agreement including the possibility of browsing the website available at: https://noti.pl, i.e. pursuant to Art. 6(1b) of the GDPR. The use of essential cookies does not violate the rights and freedom of the user and does not significantly affect him.

Functional, performance and advertising cookies are processed solely on the basis of the user's consent, i.e. pursuant to Art. 6(1a) of the GDPR. The user's consent to the use of non-essential cookies may be expressed jointly in relation to all indicated types of cookies, or the user can make the individual settings by agreeing to use only some of them or refuse to use any of them. The user may express his consent through the tool prepared by the Controller - a consent management banner, available on the website. The consent is given by the user voluntarily. In the event that the consent is not given, cookies of this type will not be saved in the user's browser memory.

Functional cookies allow to save other than necessary information that affects the comfort of using the website by the user, including in the case of closing the session by him and returning to the Controller's website. Functional cookies allow e.g. to remember the user's language preferences.

Performance cookies provide the Controller with information on how users use his website. Based on the collected information, anonymised reports and statistics are created that allow the Controller to improve the website. Through these types of cookies, the Controller can obtain e.g. information about the user's browser, approximate location, the page which transferred the user to the website, tabs and the time of browsing, and whether the user used the Controller's website before.

Cookies currently used by the Controller and their validity period can also be independently verified in a web browser:
Google Chrome: To view cookies, press the F12 key on the keyboard. In the new window, select Resources, and then pull down Cookies on the left.
Mozilla Firefox: To view the cookies, press the F12 key on the keyboard. In the new window, select Data, and then pull down Cookies on the left.
Microsoft Edge: To view cookies, press the F12 key on the keyboard. In the new window, select Debugger, and then pull down Cookies on the left.

The user may at any time change the saved settings of cookie preferences by consenting to the use of a given type of cookies or withdrawing the previously given consent. These changes can be made by the user at any time using the same tool (consent management banner) through which he previously consented (or not) to the use of individual types of cookies. The cookie consent management tool is available to the user at all times on the Controller's website.

The effect of withdrawing the consent to the use of cookies, in particular functional cookies, may be the loss of the possibility to use some of the website functionalities to which the user had prior access.

If the user does not want cookies to be saved on his device, he can also configure the web browser in such a way as to completely or partially disable the storage of cookies on the hard drive of the computer or other device used by him.

Follow the links below for instructions on how to block cookies in your browser and/ or how to delete them from your computer:

Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: https://support.mozilla.org/pl/kb/wzmocniona-ochrona-przed-sledzeniem-firefox-desktop?redirectlocale=en-US&redirectslug=enable-and-disable-cookie-website-preferences
Microsoft Edge: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookie

In addition, the user may opt out of being tracked by Google Analytics in all websites by installing the add-on in his browser available at: https://tools.google.com/dlpage/gaoptout

In the event of withdrawal of consent to the use of a given type of cookies, the Controller may process user data obtained through them, as the implementation of the legitimate interest, i.e. pursuant to Art. 6(1f) of the GDPR, for the possible determination, investigation or defence against claims. In this case, however, cookies will not collect new information about the user.

Some cookies, so-called own files, are provided directly by the Controller's website. Other files, so-called external files, are provided by external websites (external providers are listed in the cookie description tables above, in the column "Access permission"). The Controller uses third party tools, in particular Google Analytics provided by Google Ireland Ltd., Facebook Pixel and social plugins provided by Facebook Ireland Ltd., as well as a social plugin provided by Pinterest Europe Ltd., which record (including tracking) user behaviour on the website. External entities acting as Controller's processors may transfer user data outside the EEA. Such activities are carried out with the use of appropriate safeguards, including the so-called standard data protection clauses.

Providers of social plugins, in particular links to social networking sites - facebook.com, instagram.com and printerest.com may collect personal data of the Controller's website users, regardless of whether the user uses these portals and is logged in at the moment. The Controller has no control over what data the social plug-in provider collects.

As part of the tools provided by Facebook Ireland Ltd., third parties, including Facebook, may use cookies, web beacons, and similar technologies to collect or receive information from the website and elsewhere on the Internet and use them to provide advertising measurement and targeting. The mechanism that allows the user to make a choice regarding the collection and use of information about him for advertising targeting can be found at the following addresses: http://www.aboutads.info/choices and http://www.youronlinechoices.eu/.

Depending on the type of business tool provided by Facebook Ireland Ltd., used by the Controller, Facebook may act as a processor of the user's personal data on behalf of the Controller, as a joint controller of the user's personal data together with the Controller - if the Controller and Facebook jointly define the purposes and means of processing these data, and also as an independent personal data controller. Detailed rules for the processing of user's personal data as part of the business tools provided by Facebook Ireland Ltd. are available at: https://www.facebook.com/legal/terms/businesstools/update.

In order to obtain detailed information on the principles of privacy and security of data collected by external websites that provide and support tools used by the Controller, including social networks, please refer to the privacy policies in force there, which are available at the following addresses:

Google: https://support.google.com/analytics/topic/2919631?hl=pl&ref_topic=1008008
Facebook: https://pl-pl.facebook.com/privacy/explanation
Instagram: https://help.instagram.com/519522125107875
Printerest: https://policy.pinterest.com/pl/privacy-policy

4. Data recipients and data transfer to third countries

User data may be processed by entities with which the Controller has concluded contracts for entrusting the processing of personal data, as well as by entities to which the Controller provides personal data. These entities include external cookie providers, including Google Ireland Ltd., Facebook Ireland Ltd., Pinterest Europe Ltd., as well as the Controller's contracting partners, in particular entities operating in the field of IT, law, marketing, protection of persons and property or personal data protection.

If required by law, the data may be made available to state or local government authorities, judicial authorities, law enforcement authorities, control authorities and tax authorities.

User data may also be collected independently of the Controller by external entities that support tools and social plugins used by the Controller, including Google Ireland Ltd., Facebook Ireland Ltd., Pinterest Europe Ltd., as well as related entities.

If the user wants to obtain a copy of his personal data or to learn more about the safeguards applied, or to obtain information about the location of personal data made available, he should contact the Controller.

5. Processing period

User data, including personal data, will be processed by the Controller for the period necessary to achieve the purposes set out in point 3 above - the period of cookies operation, which has been indicated in detail above in relation to each cookie used by the Controller. This period can be additionally checked in the browser. The period of processing personal data of users may be extended by the period of data archiving and the period resulting from the relevant legal provisions. External entities to which the Controller provides users' personal data, or which collect users' personal data, regardless of the Controller, process personal data for the period specified in their privacy policies.

6. Profiling

The user's personal data may be profiled by third parties - Google Ireland Ltd., Facebook Ireland Ltd., Pinterest Europe Ltd., as well as related entities. Profiling means automated processing of the user's personal data to evaluate certain personal factors, in particular to analyse or forecast aspects related to personal preferences, behaviour, interests, location, and the use of the website and the Internet.

On the part of the Controller, personal data will not be subject to automated decision making. The Controller may, however, use profiling to evaluate certain personal factors of the user, in particular to analyse or forecast aspects related to his personal preferences, behaviour, interests, personality traits, location, and the use of the website and the Internet.

7. Protection of data and rights of users

The Controller makes every effort to protect the website against unauthorised access by third parties. For this purpose, physical, logical and organisational security measures are used.

The User whose personal data is collected has the right to:

a.       request from the Controller to access his personal data, rectify them, delete or limit the processing of personal data and notify recipients of personal data about rectification or deletion of personal data or limitation of processing;
b.       transfer Personal Data, if the basis for processing is Art. 6(1a) of the GDPR;
c.       receive copies of personal data subject to processing;
d.       lodge a complaint to the supervisory authority (the President of the Office for Personal Data Protection);
e.       withdraw consent to the processing of personal data, if the basis for processing is Art. 6(1a) of the GDPR, where the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

VI. Contact with contractors

1. Controller's data

The Controller of the contractors' personal data is Noti sp. z o.o. with its registered office in Tarnowo Podgórne, ul. Sowia 19, 62-080 Tarnowo Podgórne, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, under KRS number: 0000440205, NIP: 7811881529, REGON: 302273135. The Controller carries out the processing of your personal data. The Controller pays special attention to respecting the privacy of users visiting his website.

2. Contact details to the Controller:

e-mail: biuro@noti.pl
tel.: +48 61 89 66 480

3. Legal basis and purpose of processing:

The basis for the processing of your personal data is Art. 6(1a, b, c, f) of the GDPR and other legal acts, in particular the Act of 23 April 1964 - Civil Code.

Your personal data will be processed for the purpose of:

a.       implementation of cooperation, including: concluding and performing contracts for the sale of products offered by the Controller, taking actions, including presenting an offer, in response to your request before concluding the contract, providing information on products offered by the Controller - pursuant to Art. 6(1b) of the GDPR;
b.       replying to your correspondence, including e-mail correspondence, conducting correspondence, e-mail and telephone contact, providing information, building business relationships, improving cooperation - pursuant to Art. 6(1b, c, f) of the GDPR, including as the implementation of the legitimate interest of the Controller;
c.       possible establishment, investigation or defence against claims - pursuant to Art. 6(1b, c, f) of the GDPR, including as the implementation of the legitimate interests of the Controller;
d.       verification of contractor satisfaction and determining the service quality, as well as the level of satisfaction with the products offered by the Controller - pursuant to Art. 6(1f) of the GDPR, as the implementation of the legitimate interests of the Controller;
e.       fulfilment of legal and tax obligations - pursuant to Art. 6(1b, c) of the GDPR;
f.        for marketing purposes - pursuant to Art. 6(1f) of the GDPR, as the implementation of the legitimate interests of the Controller.

Providing your personal data by you is voluntary, but if you do not provide the data necessary to achieve the purposes set out in this point, including those required by law, the implementation of these purposes may turn out to be impossible. Your personal data may be processed on the basis of your consent or on the basis of other conditions for the admissibility of processing indicated in Art. 6 of the GDPR.

Data processing for the purposes of implementing the Controller's legitimate interests does not infringe your rights and freedoms.

4. Categories of data

In particular, all or some of the following personal data and categories of personal data may be processed:

a.       identification data (name, surname, etc.);
b.       location data (address of residence, business address, etc.);
c.       contact details (e-mail address, telephone number, etc.);
d.       data on the performance of the contract and cooperation of the parties (data contained in the correspondence, data contained in the accounting documents, etc.); and any other categories required by applicable, both domestic and international, law as well as necessary to achieve the purposes indicated in point 3.

5. Data source

The processed data was obtained directly from you, from the website or public registers, including in particular the Central Register and Information on Business.

6. Storage period

The period of processing your personal data depends on the purpose for which the data is processed and will be calculated based on the following criteria:

a.       the period for which the consent is granted,
b.       the period for which the services are provided or for which the contract is concluded,
c.       legal provisions that may impose data processing or archiving for a specified period,
d.       the time until the expiry of the limitation period or the expiry of the claims,
e.       the period that is necessary to protect the Controller's interests.

7. Recipients

Your personal data may be also processed by entities with which the Controller has concluded contracts for entrusting the processing of personal data, as well as by entities to which the Controller provides personal data. These entities include the Controller's subcontractors, in particular suppliers, assemblers, as well as the Controller's contractors, in particular entities operating in the field of IT, law, payment services, marketing, protection of individuals and property, or personal data protection.

If required by law, the data may be made available to state or local government authorities, judicial authorities, law enforcement authorities, control authorities and tax authorities.

8. Transfer to a third country

The Controller does not intend to transfer your personal data to third countries. Personal data may be transferred outside the EU only at your request or for the purpose of cooperation between you and the Controller. In such a case, each transfer will be made in accordance with applicable law and with appropriate safeguards.

9. Profiling

Your personal data is not subject to automated decision making. The Controller may use profiling to evaluate some of your personal factors, in particular to analyse or forecast aspects related to your personal preferences, interests and personality traits.

10. Rights:

Depending on the legal basis for processing, you have the right to:

a.       request from the Controller to access his personal data, rectify them, delete or limit the processing of personal data and notify recipients of personal data about rectification or deletion of personal data or limitation of processing;
b.       raise an objection to processing, if the basis for processing is Art. 6(1f) of the GDPR;
c.       transfer of personal data, if the basis for processing is Art. 6(1a) of the GDPR;
d.       receive copies of personal data subject to processing;
e.       lodge a complaint to the supervisory authority (the President of the Office for Personal Data Protection);
f.        withdraw consent to the processing of personal data, if the basis for processing is Art. 6(1a) of the GDPR, where the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

VII. Contact with employees, colleagues and members of the management board of the contractors

1. Controller's data

The Personal Data Controller of employees, colleagues and members of the contractor's management board is Noti sp. z o.o. with its registered office in Tarnowo Podgórne,
ul. Sowia 19, 62-080 Tarnowo Podgórne, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, under KRS number: 0000440205, NIP: 7811881529, REGON: 302273135. The Controller carries out the processing of your personal data. The Controller pays special attention to respecting the privacy of users visiting his website.

2. Contact details to the Controller:

e-mail: biuro@noti.pl
tel.: +48 61 89 66 480

3. Legal basis and purpose of processing:

The basis for the processing of your personal data is Art. 6(1a, c, f) of the GDPR and other legal acts, in particular the Act of 23 April 1964 - Civil Code.

Your personal data will be processed for the purpose of:

a.       implementation of cooperation, including: concluding and performing contracts for the sale of products offered by the Controller, taking actions, including presenting an offer, in response to your request before concluding the contract, providing information on products offered by the Controller - pursuant to Art. 6(1f) of the GDPR, as the implementation of the legitimate interest of the Controller;
b.       replying to your correspondence, including e-mail correspondence, conducting correspondence, providing information, building business relationships, improving cooperation - pursuant to Art. 6(1a, f) of the GDPR, including as the implementation of the legitimate interest of the Controller;
c.       possible investigation or defence against claims - pursuant to Art. 6(1c, f) of the GDPR, including as the implementation of the legitimate interest of the Controller;
d.       verification of contractor satisfaction and determining the quality of service, as well as the level of satisfaction with the products offered by the Controller - pursuant to Art. 6(1f) of the GDPR, as the implementation of the legitimate interest of the Controller;
e.       fulfilment of legal and tax obligations - pursuant to Art. 6(1c) of GDPR,
f.        for marketing purposes - pursuant to Art. 6(1f) of the GDPR, as the implementation of the legitimate interest of the Controller.

Providing your personal data by you is voluntary, but if you do not provide the data necessary to achieve the purposes set out in this point, including those required by law, the implementation of these purposes may turn out to be impossible. In the remaining scope, your personal data may be processed on the basis of your consent or on the basis of other conditions for the admissibility of processing indicated in Art. 6 of the GDPR.

Data processing for the purposes of implementing the Controller's legitimate interests does not infringe your rights and freedoms.

4. Categories of data

In particular, all or some of the following personal data and categories of personal data may be processed:

e.       identification data (name, surname, position, function, workplace, etc.);
f.        location data (work address, etc.);
g.       contact details (business e-mail address, business telephone number, etc.);
h.       cooperation data (data contained in the correspondence, data contained in the accounting documents, etc.);
and any other categories required by applicable, both domestic and international, law as well as necessary to achieve the purposes indicated in point 3.

5. Data source

The processed data were obtained directly from you, from the website, from a person from your organisation, or public registers, including in particular the National Court Register as well as the Central Register and Information on Business.

6. Storage period

The period of processing your personal data depends on the purpose for which the data is processed and will be calculated based on the following criteria:

7. Recipients

If required by law, the data may be made available to state or local government authorities, judicial authorities, law enforcement authorities, control authorities and tax authorities.

8. Transfer to a third country

The Controller does not intend to transfer your personal data to third countries. Personal data may be transferred outside the EU only at the request of your employer/ principal or for the purpose of cooperation between your employer/ principal and the Controller. In such a case, each transfer will be made in accordance with applicable law and with appropriate safeguards.

9. Profiling

10. Rights:

Depending on the legal basis for processing, you have the right to:

a.       request from the Controller to access your personal data, rectify them, delete or limit the processing of personal data and notify recipients of personal data about rectification or deletion of personal data or limitation of processing;
b.       raise an objection to processing, if the basis for processing is Art. 6(1f) of the GDPR;
c.       transfer of personal data, if the basis for processing is Art. 6(1a) of the GDPR;
d.       receive copies of personal data subject to processing;
e.       lodge a complaint to the supervisory authority (the President of the Office for Personal Data Protection);
f.        withdraw consent to the processing of personal data, if the basis for processing is Art. 6(1a) of the GDPR, but the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

VIII. Newsletter

1. Controller's data

The Personal Data Controller of the users, people using the Newsletter, is Noti sp. z o.o. with its registered office in Tarnowo Podgórne, ul. Sowia 19, 62-080 Tarnowo Podgórne, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, under KRS number: 0000440205, NIP: 7811881529, REGON: 302273135. The Controller carries out the processing of your personal data. The Controller pays special attention to respecting the privacy of people using the Newsletter.

2. Contact details to the Controller:

e-mail: biuro@noti.pl
tel.: +48 61 89 66 480

3. Legal basis and purpose of processing:

Your personal data will be processed for the purpose of:

a. sending marketing information in the form of a Newsletter to the e-mail address provided by you, regarding e.g. products offered by the Controller, promotions, inspirations, implemented projects, action plans, events concerning the Controller, the purpose of which is to inform about the Controller's products and company, and to promote them, i.e. pursuant to Art. 6(1f) of the GDPR, as the implementation of the legitimate interests of the Controller;
b. possible investigation or defence against claims - pursuant to Art. 6(1c, f) of the GDPR, including as the implementation of the legitimate interest of the Controller.

Data processing for the purposes of implementing the Controller's legitimate interests does not infringe your rights and freedoms.

Providing your personal data by you is voluntary, but necessary for receiving the Newsletter. Failure to provide personal data in the form of an e-mail address will result in the Controller's inability to send you the Newsletter.

At any time, you may object to the further processing of your personal data, which will result in the removal of your e-mail address from the database of people receiving the Newsletter, but it will not affect the lawfulness of the processing carried out before the objection is raised. The objection may be filed in any form, using the Controller's contact details indicated in points 1 and 2 above. You can also unsubscribe from the Newsletter by clicking the link provided in the footer of each e-mail message containing the Newsletter, which will result in unsubscribing you from the Newsletter mailing list and stopping the further processing of your personal data.

4. Storage period

Your data will be processed for the period during which you want to be subscribed to the Newsletter. After this time, your personal data may be further processed for the period resulting from the relevant legal provisions (limitation periods for claims and documentation storage periods).

5. Categories of data

Your e-mail address will be processed.

6. Data source

The processed data have been obtained directly from you.

7. Recipients

Your personal data may be also processed by other recipients, i.e. entities with which the Controller has concluded contracts for entrusting the processing of personal data, as well as by entities to which the Controller provides personal data. The entities indicated in the preceding sentence include the Controller's contractors, in particular in the field of IT, law, personal data protection, marketing and Newsletter subscription. If required by law, the data may be made available to state or local government authorities, judicial authorities, law enforcement authorities and control authorities.

The Newsletter may contain links to social networks. These websites, in particular facebook.com, instagram.com and printerest.com may collect users' personal data, regardless of whether the user uses these portals and is logged in at the moment. In order to obtain detailed information on the data collected by social networks, please refer to the privacy policies in force there.

8. Transfer to a third country

The Controller does not intend to transfer your personal data to third countries for the purposes of implementing the Newsletter subscription agreement.

The transfer of personal data to third countries may be made by providers of social networks to which links may be found in the Newsletter. The rules for collecting and processing data by these entities are defined by the privacy policies of their websites.

9. Profiling

Your personal data are not subject to automated decision making, including profiling for the purposes of sending the Newsletter. Profiling can, however, be performed on websites to which links are directed. More information in this regard can be found in the privacy policies of the websites to which the links contained in the Newsletter refer.

10. Rights:

You have the right to:

a.       request from the Controller to access your Personal Data, rectify them, delete or limit the processing of Personal Data and notify recipients of Personal Data about rectification or deletion of Personal Data or limitation of processing;
b.       raise an objection to the processing,
c.       receive copies of Personal Data subject to processing;
d.       lodge a complaint to the supervisory authority (the President of the Office for Personal Data Protection).