1.1 Administrator - Tengo Poland Sp. z o.o. with its registered office in Warsaw, 18 Jana Dantyszka St., 02-054 entered in the Register of Entrepreneurs under KRS number: 0000897421, NIP: 7011031976.
1.2 Personal Data - all information about an identified or identifiable natural person through one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.
1.4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5 Service - the website operated by the Administrator at tengogroup.com.
1.6 User - any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2. PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE SERVICE
2.1 In connection with the User's use of the Service, the Administrator collects data to the extent necessary for the provision of the individual services offered, as well as information on the User's activity on the Service and the User's shopping preferences. Below there are described detailed principles and purposes of processing of personal data collected during the use of the Service by the User.
3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE
USING THE SERVICE
3.1.Personal data of all persons using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies) and not being registered Users (i.e. persons without a profile in the Service) are processed by the Administrator:
3.1.1. for the purpose of providing services electronically in the scope of making available to Users the content collected in the Service - then the legal basis of processing is the necessity of processing for the performance of the agreement (art. 6 sec. 1 letter b GDPR);
3.1.2. for analytical and statistical purposes - then the legal basis of the processing is the User's consent (art. 6 sec. 1 lit a GDPR);
3.1.3. for the purpose of possible establishment and assertion of claims or defence against them - the legal basis of the processing is the Administrator's legitimate interest (Article 6(1)(f) GDPR) consisting in the protection of your rights;
3.1.4. for marketing purposes of the Administrator and other entities, in particular related to the presentation of behavioural advertising - the rules of processing personal data for marketing purposes are described in the "MARKETING" section.
3.2 User activity in the Service, including his/her personal data, are recorded in system logs (special computer program used for storing a chronological record containing information on events and actions concerning the IT system used for provision of services by the Administrator). The information collected in the logs is processed mainly for the purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, for the purposes of ensuring IT system security and management of the system, as well as for analytical, statistical and marketing purposes - in this respect the legal basis of the processing is the Administrator's legitimate interest (Article 6(1)(f) GDPR).
- REGISTRATION ON THE WEBSITE
3.3 Persons who register on the Website are asked to provide data necessary to create and operate an account. In order to facilitate the service, the User may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. Providing data marked as obligatory is required to create and operate an account, and their failure results in the impossibility to create an account. Provision of other data is voluntary.
3.4 Personal data is processed:
3.4.1. for the purpose of providing services related to the management and operation of an account on the Website - the legal basis for processing is the necessity of processing for the performance of the agreement (Article 6.1.b GDPR), and with regard to data provided optionally - the legal basis for processing is consent (Article 6.1.a GDPR);
3.4.2. for analytical and statistical purposes - the legal basis of the processing is the Administrator's legitimate interest (Article 6.1.f GDPR) consisting in conducting analyses of the Users' activity on the Website and of the way they use their accounts, as well as of their preferences in order to improve the applied functionalities, and with regard to information collected using cookies - the User's consent (Article 6.1.f GDPR);
3.4.3. for the purpose of possible establishment and assertion of claims or the defence against them - the legal basis of the processing is the Administrator's legitimate interest (Article 6 par. 1 letter f GDPR) consisting in the protection of your rights.
3.4.4. for marketing purposes of the Administrator and other entities - the rules of processing personal data for marketing purposes are described in the "MARKETING" section.
3.5 If the User places any personal data of other persons in the Service (including their name and surname, address, telephone number or e-mail address), he/she can do it only under the condition that he/she does not violate the regulations of the current law and the personal goods of these persons.
PLACING ORDERS (USING PAID SERVICES IN THE SERVICE)
3.6 Placing an order (purchase of goods or services) by the User via the Website involves the processing of his/her personal data. Providing data marked as obligatory is required for accepting and processing an order, and their failure to provide results in the lack of its execution. Providing other data is optional.
3.7 Personal data shall be processed:
3.7.1. for the purpose of fulfilling a submitted order - the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) of the GDPR); with regard to data provided optionally, the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
3.7.2. for the purposes of complying with statutory obligations incumbent on the Administrator, arising in particular from tax and accounting regulations - the legal basis for processing is a legal obligation (Article 6(1)(c) of the GDPR);
3.7.3. for analytical and statistical purposes - the legal basis of the processing is the Administrator's legitimate interest (Article 6.1.f GDPR) consisting in conducting analyses of the Users' activity on the Website, as well as of their shopping preferences in order to improve the applied functionalities, and with regard to information collected using cookies - the User's consent (Article 6.1.f GDPR);
3.7.4. in order to possibly determine and pursue claims or to defend against them - the legal basis of the processing is the Administrator's legitimate interest (Article 6(1)(f) GDPR) consisting in the protection of the User's rights.
4.1 The Administrator processes the Users' personal data in order to carry out marketing activities, which may consist in:
4.1.1. displaying marketing content to the User which is not adapted to his/her preferences (contextual advertising);
4.1.2. displaying marketing content corresponding to the User's interests (behavioural advertising);
4.1.3. sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service)
4.1.4. carrying out other activities related to direct marketing of goods and services (sending commercial information by e-mail and telemarketing activities)
4.2 In order to carry out marketing activities, the Administrator in some cases uses profiling. This means that thanks to automatic data processing the Administrator evaluates selected factors concerning natural persons in order to analyse their behaviour or to create a forecast for the future.
- CONTEXTUAL ADVERTISING
4.3 The Administrator processes the Users' personal data for marketing purposes in connection with directing contextual advertising (i.e. advertising which is not tailored to the User's preferences) to the Users. The processing of personal data is then carried out in connection with the Administrator's legitimate interest (Article 6(1)(f) GDPR).
- BEHAVIOURAL ADVERTISING
4.4 The Administrator and its trusted partners process the Users' personal data, including personal data collected through cookies and other similar technologies, for marketing purposes in connection with targeting the Users with behavioural advertising (i.e. advertising that is tailored to the User's preferences). The processing of personal data then also includes profiling of Users. The use of personal data collected through this technology for marketing purposes, in particular for the promotion of services and goods of third parties, requires the User's consent. This consent may be withdrawn at any time, which does not affect the lawfulness of data processing up to the moment of withdrawal of consent.
4.5 The User may order the newsletter service (subscription). The newsletter service consists in periodic sending of information bulletins and messages containing marketing content (commercial information) concerning the Administrator to the e-mail address provided.
4.6 A newsletter subscription is made by ticking the appropriate option in the registration form (when registering in the Service) or through the subscription form available in the Service.
4.7 The newsletter subscription is voluntary and free of charge. The newsletter service is provided for an indefinite period and the User may unsubscribe from it at any time. In order to unsubscribe from the newsletter, it is sufficient to use the appropriate option visible in the footer of the e-mail message sent within the newsletter.
4.8 Personal data is processed:
4.8.1. for the purpose of providing the newsletter dispatch service - the legal basis for the processing is the necessity of the processing for the performance of the contract (Art. 6(1)(b) GDPR);
4.8.2. for the purpose of directing marketing content to the User within the newsletter - the legal basis for processing, including profiling, is the Administrator's legitimate interest (Art. 6(1)(f) GDPR) in relation to the consent to receive the newsletter;
4.8.3. for analytical and statistical purposes - the legal basis of the processing is the Administrator's legitimate interest, (Article 6(1)(f) GDPR);
4.8.4. for the purpose of possible establishment and investigation of claims or defence against them - the legal basis of processing is the Administrator's legitimate interest (Article 6(1)(f) GDPR).
5. SOCIAL NETWORKING SITES
5.1 The Administrator processes personal data of Users visiting the Administrator's profiles conducted in social media accounts TENGO Group (Facebook, Instagram, Linked.in), as: @tengo_group, @tengo.officeandhome are serviced with accordance of this regulation. The data are processed exclusively in connection with running the profile, including for the purpose of informing Users about the Administrator's activities and promoting various types of events, services and products. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6(1)(f) GDPR) consisting in promoting its own brand.
6. COOKIES AND SIMILAR TECHNOLOGY
6.1 Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information facilitating website use, e.g. by remembering User's visits to the Website and actions performed by him.
7. PERIOD OF PERSONAL DATA PROCESSING
7.1 The period of data processing by the Administrator depends on the type of the provided service and the purpose of processing. As a rule, the data are processed for the duration of the provision of the service or the execution of the order, until the withdrawal of the expressed consent or until filing an effective objection to the data processing in cases where the legal basis of the data processing is the legitimate interest of the Administrator.
7.2 The period of data processing may be extended where the processing is necessary to establish and assert or defend against possible claims, and thereafter only in the case and to the extent required by law. After the expiry of the processing period, the data shall be irreversibly deleted or anonymised.
7.3 The information collected by the Administrator using cookies is kept no longer than is necessary for the purposes for which the information was collected. The User can, at any time, withdraw his/her consent to the processing by the Administrator of data obtained from analytical and statistical and marketing cookies and delete the cookies from his/her Internet browser. The withdrawal of consent does not affect the lawfulness of data processing until the withdrawal of consent.
8. USER RIGHTS
8.1 The User shall have the right: to access the content of the data and to request their rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint to the supervisory authority dealing with personal data protection.
8.2 To the extent that the User's data are processed on the basis of the consent, you may withdraw it at any time by contacting the Administrator or using the functionalities made available in the Service, including the tab "My Profile" or "My Account" and "Managing cookies".
8.3 The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the Administrator's legitimate interest, and also - for reasons related to the User's specific situation - in other cases where the legal basis of data processing is the legitimate interest of the Administrator.
9. RECIPIENTS OF THE DATA
9.1 In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting services, couriers (in connection with the execution of the order), marketing agencies (within the scope of marketing services) and entities related to the Administrator, including companies from its capital group, as well as law and tax offices and auditing companies.
9.2 If the User agrees, the Administrator can send to the User the marketing content containing commercial information of the Administrator's business partners.
9.3 The Administrator reserves the right to disclose selected information concerning the User to the competent authorities or to third parties who will submit a request for such information on the basis of the relevant legal basis and in accordance with the provisions of the applicable law.
10. TRANSFER OF DATA OUTSIDE THE EOG
10.1 The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA with an adequate level of protection, primarily by:
10.1.1. cooperating with processors of personal data in countries for which a relevant decision of the European Commission has been issued;
10.1.2. applying the standard contractual clauses issued by the European Commission;
10.1.3. use of binding corporate rules approved by the competent supervisory authority;
10.2 The controller shall always give notice of its intention to transfer personal data outside the EEA at the stage of collection.
11. SECURITY OF PERSONAL DATA
11.1 The Controller shall on an ongoing basis conduct a risk analysis to ensure that personal data are processed by him in a secure manner - ensuring in particular that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Administrator shall ensure that all operations on personal data are recorded and performed only by authorised employees and collaborators.
11.2 The Administrator shall take all necessary measures to ensure that also his subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
12. CONTACT INFORMATION
12.1 Contact with the Administrator is possible through the e-mail address firstname.lastname@example.org by telephone, in social media or in writing to the Administrator's registered office address.
12.2 The Administrator has appointed a Data Protection Supervisor, who can be contacted by e-mail: email@example.com or in writing to the Administrator's registered office address, in any matter concerning the processing of personal data.
13.1 The Policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy has been adopted and is effective as of 4 April 2022.