Privacy Policy

Last Updated: December, 2024

Dear User and Service Recipient

We make every effort to ensure the security and confidentiality of your personal data. We care about your privacy both when you visit our website, register an account with it, and use our services, as well as when you contact us by phone, email, subscribe to our newsletter, or visit our social media channels. We operate in accordance with the law, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as "GDPR").

In this document, we want to present you with the most important information about the processing of your personal data. For simplicity, we have summarized it in the form of questions and answers. All this so you can learn for what purpose, on what basis, and for how long we process your data, as well as who may have access to it and what rights you have.

How do we obtain your personal data?

When you use the Pubsite service (hereinafter referred to as the "Service"), you may be asked to provide your personal data. Providing data is voluntary, but in certain situations, it may be necessary. For example, without providing an email address, you will not receive our newsletter, we will not register your account, or respond to a query sent via the contact form. Some data is collected automatically using cookies during your visit to the Service (e.g., IP address, type of browser, type of operating system, etc.). They are used for administering the website, ensuring hosting services, and creating appropriate marketing content. However, you can freely block and limit the installation of cookies using your browser settings or other (free) solutions.

Who is the controller of your personal data?

The controller of your personal data is CC CODE Damian Kamiński, located at ul. Lilli Wenedy 15/30, 30-833 Krakow. NIP: 6792950185, REGON: 381006639. If you have any questions or concerns, you can contact us electronically at the following email address: [email protected]

For what purpose, on what legal basis, and for how long do we process your data?

We process your personal data:

• For the conclusion and performance of a service contract (registering and maintaining a service provider account, placing orders for free and paid services, executing the contract):

  • the legal basis is the necessity of processing to perform the contract or to take action at the request of the data subject before the conclusion of the contract (Art. 6(1)(b) GDPR),
  • data will be processed until the service is performed (deletion of the service provider account, termination of the service contract);

• To fulfill tax obligations (issuing invoices, storing accounting documentation):

  • the legal basis is the legal obligation incumbent on us (Art. 6(1)(c) GDPR),
  • data will be processed until the expiration of the limitation periods for tax liabilities;

• To fulfill obligations regarding data protection:

  • the legal basis is the legal obligation incumbent on us (Art. 6(1)(c) GDPR),
  • data will be processed until the expiration of limitation periods for claims related to violations of data protection regulations;

• Establishment, exercise, and defense of potential claims:

  • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in taking actions to protect our rights in proceedings before courts and other state authorities,
  • data will be processed until the expiration of limitation periods for claims arising from applicable laws;

• Ensuring the proper functioning of the Service and analyzing user activity in the Service:

  • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in conducting analyses and statistics on the use of the Service functionalities (e.g., Google Analytics cookies, Facebook Pixel),
  • data will be processed until an effective objection is raised or the processing purpose is achieved;

• Providing responses to questions addressed to us by phone or electronically, including through the form available via the Service and online chat:

  • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in communicating with our clients and responding to questions from our potential clients or other persons interested in our products and services,
  • data will be processed until the expiration of limitation periods for claims arising from applicable laws;

• Marketing (promotion of our goods and services):

  • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in maintaining business relations with clients and examining their satisfaction, taking care of our own interests and image, or expressly voluntary consent given for a specific purpose (Art. 6(1)(a) GDPR),
  • data will be processed until an effective objection is raised or the processing purpose is achieved, and if the basis for processing is consent - until the consent is withdrawn (withdrawal of consent does not affect the legality of data processing up to its withdrawal).

Remember! We process personal data as long as necessary to achieve the above-mentioned purposes unless you submit a valid and lawful request for the deletion of your personal data. Additionally, the processing period may depend on the content of applicable laws, e.g., in the storage of financial documents or limitation periods for claims.

Who may be the recipient of your personal data?

In some situations, if it proves necessary to achieve the purposes of data processing, we use the support and assistance of external entities. However, before transferring personal data, we always require from their recipients to guarantee appropriate protection and confidentiality. Recipients of your personal data may include:

• Entities co-participating in the performance of our contracts, such as accounting firms, IT service providers, hosting service providers, payment system providers,
• Entities whose support and services we use in our business activities, based on separate agreements, such as providers of tools for analyzing activity in the Service and direct marketing, providers of tools for creating landing pages and collecting leads, office system providers, project management software providers, communication software providers,
• Authorized state bodies under applicable laws,
• Other entities whose request for data transfers is justified by applicable laws.

Do we transfer personal data to third countries?

As a rule, we do not transfer personal data to countries outside the European Union and the European Economic Area (EEA). However, if necessary due to the performance of services, we will assess the circumstances and ensure an adequate level of data security, so that processing is carried out in accordance with applicable legal regulations. While operating the Service, we use services and technologies offered by entities such as Facebook, Microsoft, Google, Amazon, which are based in the United States and may partially process personal data using servers located outside the European Economic Area (EEA). Under GDPR, these are entities located in third countries, for which an adequate level of protection or a mention of appropriate safeguards must be ensured. We assure you that these entities use compliance mechanisms provided by the GDPR (e.g., certificates) or standard contractual clauses adopted by the European Commission (Art. 46(2)(c) GDPR). More information on data processing principles by these entities can be found on the websites of these service providers.

Do we use so-called cookies?

In the Service, we use so-called cookies, which are short text information saved on a user's computer, phone, tablet, or other device, which can be read by our system as well as systems belonging to other entities, whose services we use: Facebook, Google. Thanks to cookies, we collect anonymous data about user visits to the Service, which we may use to improve the Service's functionalities, identify errors, or for marketing activities. Typically, web browsers allow cookies to be used on end devices by default. However, users can block and limit the installation of cookies at their discretion using browser settings or other (free) solutions. During your first visit to the Service, we will show you information about using cookies. If you do not change your browser settings, you consent to their use. More information on how to change cookie settings can be found on the website of your web browser. We inform you that disabling or limiting cookie support may cause difficulties in using the website, e.g., it may result in a longer page loading time or limit the ability to use functionalities or like the page on Facebook.

How do we protect your data?

To ensure a high and consistent level of protection, we apply security measures adequate to the processing environment, as well as technical and organizational measures, which include, among others:

• TLS protocol encryption,
• Creating backups,
• Equipping data centers with data protection mechanisms,
• Conducting regular security level tests,
• Monitoring personal data security,
• Minimizing the risk of potential misuse and quickly responding in the event of their occurrence,
• Implementing a data protection policy,
• Ensuring continuous confidentiality, integrity, availability, and resilience of processing systems and services,
• Allowing access to personal data only to authorized persons,
• Creating and regularly changing passwords for systems where personal data is processed.

What rights do individuals whose data we process have?

Individuals whose data we process have the right to:

• Access their personal data;
• Correct personal data;
• Erase personal data;
• Restrict processing of personal data;
• Object to the processing of personal data;
• Transfer personal data;
• Withdraw consent for data processing (if the processing is based on consent).

However, the above-mentioned rights are not absolute, and in some situations, after analysis, we may lawfully refuse to fulfill them. We also inform you that the withdrawal of consent for data processing will not affect the legality of data processing that took place on the consent basis before its withdrawal. If you make a request for any of the above-mentioned rights, we will respond to it promptly, but no later than within one month from the date of receipt. If, due to the complex nature of the request or the number of requests, we cannot meet your request within a month, we will fulfill it within the next two months. However, we will inform you in advance about the intention to extend the deadline.

How can you complain about irregularities in data processing?

If you believe that your personal data is being processed by us in violation of applicable law, you may file a complaint with the President of the Personal Data Protection Office.

Does using the Service involve sending logs to the server?

Using the Service involves sending requests to the server on which the site is stored. Each request addressed to the server is saved in server logs and stored on the server. Logs include, among others, IP address, server date and time, information about the web browser, and operating system. The data saved in the server logs is not associated with specific individuals using the site and is not used by us to identify you. Server logs are only auxiliary material used for site administration, and their content is not disclosed to anyone other than persons authorized to administer the server.

Can we change our Privacy Policy?

Yes. Data protection is a process that we adapt to current needs and changing technology. Therefore, our Privacy Policy may be supplemented or changed, about which we will inform you by posting information in the Service, and in case of significant changes, we will send separate notifications to registered service users electronically.