1. Definitions and general information

Administrator – The administrator of personal data is IRMATIC Sp. z o.o. with its registered office at Sobienki 30, 08-445 Osieck, NIP 1231495551, REGON 389202305 entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for m.st Warsaw, XIV Commercial Division of the National Court Register under KRS number 0000906109. BDO: 000607429. You can contact the Administratroem at the following e-mail address: [email protected], phone number: +48 537 164 649.

Personal data – information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

System – means a system run by the Administrator, which enables the Administrator to provide services to Users, in the form of in particular maintenance services for purchased machines or services for the delivery of software to these machines

Profiling – means a form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyze or forecast aspects of personal preferences and interests.

 User – the  term User means persons who have gained access to the System maintained by the Administrator and within this System the personal data of these persons have been indicated;

2. Legal basis for the processing of the User’s data and its scope

1. Personal data collected by the Controller are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as „GDPR”), the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000) and the Act of 18 July 2002 on the provision of services electronically (Journal of Laws of 2017, item 1219, as amended).
2. The Controller processes only the personal data that the User has provided in connection with the use of the System. The processing of Users’ data is carried out to the extent and for the purpose of: 
1. concluding the Agreement and performing activities that are necessary to finalize and operate it – pursuant to Article 6(1)(b) of the GDPR 
2. recovery of receivables – pursuant to Article 6(1)(f) of the GDPR, i.e. due to the fact that the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party,
3. compliance with legal obligations incumbent on the Controller in connection with conducting business activity – pursuant to Article 6(1)(c) of the GDPR, i.e. due to the fact that the processing is necessary to comply with a legal obligation incumbent on the Controller,
4. sending commercial information by electronic means on the basis of a separately granted consent (Article 6(1)(a) of the GDPR),
5. use of telecommunications terminal equipment and automated calling systems for direct marketing purposes in accordance with Article 172 of the Act of 16 July 2004. Telecommunications Law (Journal of Laws of 2017, item 1907, as amended) – on the basis of a separately granted consent.
3. Browsing the content of the System does not require providing any personal data other than automatically obtained information about connection parameters.

3. Lawfulness of processing and application of appropriate safeguards

1. The Controller processes data in accordance with the law, collects them for specified, lawful purposes and does not subject them to further processing incompatible with these purposes. The data is collected only to the adequate, necessary and necessary extent in relation to the purposes for which it is processed. Users’ personal data may be transferred by the Administrator to third parties who may be interested in concluding an agreement with the User, the detailed content of which will be determined directly between the User and the third party. 
2. The Administrator makes every effort to protect the Users’ personal data against unauthorized access to them by third parties and in this respect applies organizational and technical security measures at a high level. The Administrator does not make personal data available to any recipients who are not authorized to do so in accordance with the mandatory provisions of law in this respect. The Controller may entrust another entity, by way of a written agreement, with the processing of personal data on behalf of the Controller. The data may be made available to entities authorized to receive them under mandatory provisions of law.

4. Automated processing of personal data (profiling)

1. In order to provide the most advantageous, tailored, personalized offer for its Users and for the purposes necessary to conclude or perform a contract between the data subject and the Controller, as well as in the case of the explicit consent of the data subject, the Data Controller may use Profiling.
2. In the case of data processing for direct marketing purposes, including Profiling, processing based on the legitimate interest of the Administrator, for the purposes of scientific, historical and statistical research, data subjects have the right to object, due to the specific situation of the data subject. The Controller does not make a decision that is based solely on automated processing, including Profiling, and significantly affects the data subject. The Controller shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, and at least the right to obtain human intervention from the Controller, to express his or her own position and to contest the decision resulting from automated data processing.

5. Duration of personal data processing

1. Personal data will be processed for the following periods: 
1. necessary for the performance of contracts concluded with the Administrator, in particular the contract for the purchase of goods offered by the Administrator and agreements for granting licenses for software to these goods, including after their performance due to the possibility for the parties to exercise their rights under the agreement, as well as due to possible recovery of receivables – until the expiry of the limitation period for claims;
2. until the consent is withdrawn or the data is processed – in the case of the processing of the User’s personal data on the basis of a separate consent.
2. The Controller also stores Users’ personal data if it is necessary to comply with its legal obligations, resolve disputes, enforce the User’s obligations, maintain security, prevent fraud and abuse.

6. Your rights

1. The Administrator shall ensure that the Users exercise the rights referred to in point 2 below. In order to exercise your rights, you should send an appropriate request (appropriate request) by e-mail to the following address: [email protected]
2. You have the right to: 
1. Access to the content of data – in accordance with Article 15 of the GDPR,
2. Rectify/update data – in accordance with Article 16 of the GDPR,
3. Erasure of data – in accordance with Article 17 of the GDPR,
4. Restriction of data processing – in accordance with Article 18 of the GDPR,
5. Data portability – in accordance with Article 20 of the GDPR,
6. Object to the processing of your data – in accordance with Article 21 of the GDPR,
7. Withdraw your consent at any time, whereby the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal – in accordance with Article 7(3) of the GDPR,
8. Lodge a complaint with a supervisory authority – in accordance with Article 77 of the GDPR.
3. The Administrator shall consider the submitted requests immediately, but no later than within one month from the date of their receipt. If, however, due to the complexity of the request or the number of requests, the Administrator is unable to consider the User’s request within the specified period, it shall inform the User of the intended extension of the deadline and indicate the deadline for considering the application, but not longer than 2 months.
4. The Controller shall inform each recipient to whom the personal data has been disclosed about the rectification or deletion of personal data or restriction of processing carried out in accordance with the User’s request, unless this proves impossible or requires disproportionate effort.

7. Disclosure of Information

1. In order to perform the agreement, the Administrator may make the data collected from the Users available to entities including, in particular: employees, associates, entities providing legal services to the Administrator, IT services, accounting office keeping the Administrator’s accounts.
2. In such cases, the amount of data transferred is limited to the required minimum. In addition, the information provided by the Users may be made available to competent public authorities if required by applicable law.
3. Recipients not indicated above are not provided with the processed personal data externally in a form that would allow for any identification of the Users, unless the User has consented to it.
4. Users’ personal data will not be transferred to countries outside the European Economic Area.

8. Changes to the Privacy Policy 

1. The Administrator has the right to amend this document, of which the User will be notified in a manner enabling the User to become familiar with the changes before they enter into force.
2. Your continued use of the System following the posting or posting of a notice of changes to this document shall be deemed to constitute your consent to the collection, use and disclosure of your personal data as updated to this document.
3. This document does not limit any rights of the User under generally applicable laws.