Privacy policy
We treat the security of personal data as a priority. We ensure that all our activities comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”).
In fulfilling our information obligations and in order to ensure transparency and clarity of the principles we apply to protect your personal data, we present this Privacy Policy.
GENERAL INFORMATION
The controller of the personal data of Users (hereinafter referred to as the “User”) of the website wereact.pl available at https://wereact.pl/ is Tomasz Rybka, operating under the business name WE React Sp. z o.o., with its registered office in Kielce, ul. Olszewskiego 23, 25-663 Kielce, Poland, NIP: 9592042421, REGON: 388894130, e-mail address: rodo@wereact.pl (hereinafter referred to as the “Controller”).
ZPRINCIPLES OF PRIVACY PROTECTION
As the controller of personal data, we attach great importance to protecting the privacy and confidentiality of personal data provided to us by Users.
We, as well as companies cooperating with us, carefully select and apply appropriate technical and organizational measures to ensure the protection of processed personal data. Full access to databases is granted only to persons duly authorized by the Controller.
We collect only data necessary to handle a given matter and do not collect or process excessive data.
The data collected by us are protected against disclosure to unauthorized persons and against processing in violation of applicable legal regulations.
The Controller processes Users’ personal data:
of persons using the website for analytical and statistical purposes. The legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in analyzing Users’ activity and preferences in order to improve the functionalities used;
of persons interacting with the Controller via social media profiles:
for the purpose of administering the Controller’s profiles on social media platforms (Facebook / LinkedIn), including responding to messages, comments, and reactions, as well as for statistical and advertising purposes carried out using tools provided within these platforms;
on the basis of the Controller’s legitimate interest (Article 6(1)(f) GDPR), which consists in business communication with social media users, marketing of the Controller’s own services and products, providing informational content about the Controller, its services and products, and building the Controller’s brand.
The Controller processes publicly available personal data of Users available on the platform, such as first name, last name, image, and—if messages are sent—data voluntarily provided in the content of the message.
Additionally, your personal data may be processed for the purpose of establishing, pursuing, or defending against claims. The legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in protecting the Controller’s rights.
The Controller processes Users’ personal data for marketing purposes, i.e. displaying advertisements—including contextual advertising (i.e. advertising not tailored to User preferences). The legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
PURPOSES OF PROCESSING PERSONAL DATA
The Controller processes Users’ personal data for the following purposes:
analytical and statistical purposes—where the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in analyzing Users’ activity and preferences in order to improve functionalities and services provided;
concluding and performing a sales contract or taking actions at the User’s request prior to concluding such a contract, as well as handling complaints or contract withdrawal. The legal basis is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR) and the consent of the data subject (Article 6(1)(a) GDPR) for optional data;
fulfilling legal obligations incumbent on the Controller, e.g. related to accounting, issuing VAT invoices, handling complaints or refunds (Article 6(1)(c) GDPR).
SCOPE OF PERSONAL DATA PROCESSING
The Controller processes personal data provided by the User via the contact form, including first name, last name, e-mail address, phone number, and other data voluntarily provided in the message content.
The Controller processes personal data for the purpose of:
contacting the Controller via the contact form in order to handle and respond to inquiries submitted by Users. The legal basis is the necessity to perform a contract for the provision of electronic services (Article 6(1)(b) GDPR) and the User’s consent (Article 6(1)(a) GDPR) for optional data;
obtaining an offer for services provided by the Controller. The legal basis is the legitimate interest of the Controller consisting in marketing its own services (Article 6(1)(f) GDPR), in connection with consent granted in accordance with the Act on Providing Electronic Services and Telecommunications Law;
sending commercial information concerning the Controller and its business partners via electronic means (e-mail). The legal basis is the Controller’s legitimate interest in marketing its services (Article 6(1)(f) GDPR), in connection with the User’s consent expressed in accordance with the Act on Providing Electronic Services and Telecommunications Law;
processing based on the User’s consent (Article 6(1)(a) GDPR). The Controller processes personal data provided via the opinion form, including first name, last name, e-mail address, and other data voluntarily provided in the opinion content.
VOLUNTARINESS OF PROVIDING PERSONAL DATA
Providing personal data is always voluntary. However, it is necessary for communication with you and for concluding and properly performing contracts.
Consent to the processing of personal data for marketing and contact purposes is entirely voluntary and does not affect the provision of our services. However, if consent is not granted, we will not be able to contact you to present our current offer.
DATA RETENTION PERIOD
Personal data will be stored for the period necessary to properly perform contracts and after their termination until the expiration of limitation periods.
In the case of issuing VAT invoices, personal data will be stored for at least 5 years due to tax and accounting requirements.
If you use electronic services, your data will be processed for the duration of the service and up to 3 years after its termination.
Personal data processed on the basis of consent will be processed until the consent is withdrawn or an objection is raised.
Personal data provided to receive commercial information will be processed for the duration of the Controller’s legitimate interest in marketing its own services, no longer than until an objection is raised or consent is withdrawn.
Personal data processed within social media platforms will be processed for the duration of the Controller’s legitimate interest, the operation of the social media platform, or the existence of the User’s account.
RIGHTS OF DATA SUBJECTS
Each User whose personal data are processed by the Controller has the right to:
obtain information as to whether their personal data are stored;
access their data, rectify, update, or supplement them;
temporarily or permanently restrict processing;
request data portability or erasure;
object to processing or request its limitation;
lodge a complaint with the President of the Personal Data Protection Office if they believe processing violates GDPR provisions.
If processing is based on consent, consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
You have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling.
You may also object to processing based on the Controller’s legitimate interest due to your particular situation.
To exercise any of these rights, please contact us at: rodo@wereact.pl.
For jointly controlled data processed within social media platforms, rights may be exercised directly with the platform operators in accordance with their policies:
LinkedIn: https://pl.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other#other
RECIPIENTS OF PERSONAL DATA
Personal data may be disclosed to authorized entities, including public authorities, in accordance with applicable law.
Recipients of personal data may include third parties cooperating with the Controller, such as:
suppliers and installers of purchased products,
website maintenance and hosting service providers,
e-mail service providers,
electronic messaging service providers,
invoicing system providers,
customer service providers,
accounting and financial service providers,
courier companies,
payment intermediaries,
legal service providers,
Facebook and LinkedIn platform operators.
These entities are obliged under agreements to process data solely for purposes specified by the Controller and to ensure appropriate data protection and confidentiality.
TRANSFER OF DATA OUTSIDE THE EEA
The Controller transfers personal data outside the European Economic Area only for purposes for which they were provided, to the following entities due to their international nature:
Meta Platforms Inc. (California, USA) – operator of the Controller’s Facebook fan page. Privacy standards: https://www.facebook.com/privacy/explanation
Meta has implemented Standard Contractual Clauses: https://www.facebook.com/business/help/336550838147603Google LLC (California, USA) – provider of website traffic analytics. Privacy policy: https://policies.google.com/privacy
Information on implemented Standard Contractual Clauses:
https://support.google.com/analytics/answer/9012600
https://business.safety.google/adsprocessorterms/
https://business.safety.google/adscontrollerterms/LinkedIn Corporation (California, USA) – operator of the Controller’s LinkedIn account.
Privacy standards: https://www.linkedin.com/help/linkedin/answer/62533
AUTOMATED DECISION-MAKING AND PROFILING
Your personal data will not be processed in an automated manner that produces legal effects or significantly affects you.
Your data may be profiled to tailor content and personalize offers, without negatively affecting your rights or freedoms.
JOINT CONTROLLERS
The Controller uses social media plugins (Facebook and LinkedIn banners) placed on the website, redirecting to:
the Controller’s Facebook profile: https://www.facebook.com/pprzedsiebiorcy/
the Controller’s LinkedIn profile: https://www.linkedin.com/company/poradnikprzedsiebiorcy-pl/
Accordingly, joint controllers of Users’ data are:
Meta Platforms Ireland Limited, Dublin, Ireland
LinkedIn Ireland Unlimited Company, Dublin, Ireland
Joint controllership includes aggregated data analysis for statistics and advertising activities.
More information is available in:
Facebook Privacy Policy:
https://www.facebook.com/privacy/explanation
https://www.facebook.com/legal/terms/page_controller_addendumLinkedIn Privacy Policy:
https://pl.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other#other
Cookies
Cookies are small text files stored on the user’s device while browsing websites. They store information about preferences and sessions and track user activity, enabling websites to operate efficiently and provide personalized content.
Cookies Used on the WeReact Website
Google Analytics
These cookies analyze website traffic, including visit numbers, time spent on the site, and user interactions.
They are stored for 2 years or until deleted by the user.
CookieYes Consent
This cookie stores the user’s consent preferences regarding cookies.
It indicates whether the user has consented to analytical, advertising, or functional cookies.
It is stored for 1 year.