Shall apply from 15th May 2020
Dear Buyer or Visitor,
IT Train Włodzimierz Krakowski, Poland, VAT PL 683-172-19-69 as the owner of the Services courses.refactoring.pl & www.refactoring.pl makes every effort to ensure the security and confidentiality of your personal data. We care about your privacy both when you visit our website, register an account with us and use our services, as well as when you contact us by phone or e-mail, subscribe to a newsletter or visit our social media channels. We act in accordance with the letter of the law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “RODO”).
In this document we want to provide you with the most relevant information about the processing of personal data. For the sake of simplicity, we have compiled them in the form of questions and answers. All of this is done in order to help you find out for what purpose, on what basis and for how long we are processing your data, who has access to it and what rights you have.
Who is the Administrator of your personal data?
The Administrator of personal data is IT Train Włodzimierz Krakowski with a registered office at the ul. Polonijna 16/17, 30-668 Kraków, Poland, residence VAT UE: number “PL 683-172-19-69”.
If you have any questions or concerns, you can contact us by e-mail at the following address: courses (-at-) refactoring.pl
For what purpose do we process personal data?
We process your personal data for the following purposes:
- in order to maintain the Student’s Account – the personal data you provide to us at registration is necessary for you to order and use our courses,
- in order to provide the services – the personal data you provide us with are necessary for the execution of the order, settlement of the contract and possible enforcement of our claims,
- to answer your questions by phone or email, including a form on our website and individual social media channels (i.e. Facebook, Instagram, Linkedin, Twitter),
- to send you the newsletter – based on your consent to receive it,
- for marketing and statistical purposes – information about visits to our website and social media is associated with the promotion and development of courses.refactoring.pl / www.refactorng.pl and work on improving the products and quality of our services.
On what legal basis do we process personal data?
The legal basis for our processing of personal data is respectively:
- Contract or action prior to the conclusion of a contract at the request of the data subject (Article 6(1)(b) RODO),
- the relevant legal provisions if the processing is necessary to fulfil our legal obligations (6.1.c RODO), e.g. regulations specifying the scope of the data to be indicated on the invoice,
- our so called legally justified interest, which we have in carrying out marketing activities, creating statistics on the use of particular functionalities of the service and maintaining business relations with you (6 paragraph 1 letter f RODO),
- Your consent is explicit and voluntary (Article 6(1)(a) of the RODO) – if we ask for and are given your consent, e.g. if you want to receive the newsletter,
- to establish, pursue or enforce claims, which is our legitimate interest to initiate proceedings and defend ourselves against claims in proceedings before the courts and other state bodies (Article 6(1)(f) of the RODO).
How long do we process personal data?
We process your personal data for as long as necessary to achieve the purposes indicated above, unless you make a valid and correct request to delete your personal data. In addition, the period of processing may depend on the content of the legal provisions applicable to us, e.g. in the case of the storage of financial documents or the time limits for claiming.
Do we share data with other parties?
In some situations, further transfer of personal data may be necessary for us to be able to fulfil our contractual obligations and conduct business activities in a correct and professional manner. However, each time, before providing personal data, we require the recipient to guarantee appropriate protection and confidentiality.
We may transfer your personal data:
- to the parties involved in the performance of our contracts, e.g. accountancy offices, IT service providers,
- our authorized employees and associates for whom access to your data is necessary for the proper performance of their duties,
- to the state authorities empowered by the applicable law.
Do we transfer personal data to third countries?
As a rule, we do not transfer personal data to countries outside the European Union. However, if it is necessary in connection with the sale of our products and the provision of services, we will assess the circumstances and ensure an appropriate level of data security so that the processing is carried out in accordance with the applicable legal regulations.
At the same time, we would like to inform you that in conducting our service, we use the services and technologies offered by such entities as: Facebook, Microsoft, Google, which are based in the United States. In the light of the RODO regulations, these will be so-called entities located in third countries, with respect to which it must be demonstrated that an adequate degree of protection or mention of appropriate safeguards is provided. We therefore ensure that the above entities have joined the Privacy Shield Programme on the basis of the European Commission’s Implementing Decision of 12 July 2016 and ensure that they comply with the high data protection standards that apply in the European Union. Therefore, the use of their services and technologies in the processing of personal data is legal.
Do we process personal data in an automated way?
We do not take automated decisions, in particular those which could have legal effects on individuals or which could affect them in a similarly significant way.
Do we use so-called cookies?
We use so-called “cookies” on our website, i.e. short text information saved on your computer, phone, tablet or other user’s device which can be read by our system, as well as by the systems of other entities whose services we use (e.g. Facebook, Google and others). Through Cookies, we collect anonymous data about visits to our sites, which we can then use to improve the functions available on the site, identify errors or our marketing activities.
How do we protect your data?
In order to ensure a high and consistent level of protection, we use appropriate technical and organizational measures to process the security of the IT environment, including but not limited to:
- TLS encryption,
- making backup copies,
- equipping data centres with data protection mechanisms,
- conducting regular safety tests,
- monitoring the security of personal data,
- minimising the risk of potential abuse and reacting quickly if it occurs,
- implementing data protection policy,
- ensure the continued confidentiality, integrity, availability and resilience of processing systems and services,
- to allow access to personal data only to authorised persons,
- creation and regular change of access passwords to systems where personal data are processed.
What rights do the people whose data we process have?
The persons whose data we process are entitled to:
- access to their personal data,
- to correct personal data,
- delete personal data,
- restrictions on the processing of personal data,
- to object to the processing of personal data,
- the transfer of personal data,
- withdrawal of consent to data processing.
However, the above mentioned rights are not absolute and in some situations, after analysis, we may legitimately refuse them.
We would also like to inform you that the withdrawal of consent to data processing will not affect the lawfulness of the data processing which took place on the basis of the consent granted before its withdrawal.
If you request us to exercise any of the above rights, we will respond to you as soon as possible, but no later than one month after receipt. If, due to the complexity of the request or the number of requests, we are unable to comply with your request within one month, we will comply with it within the next two months. However, we will inform you in advance of the intended extension of the deadline.
How can I challenge irregularities in the processing of my personal data?
If you believe that your personal data is being processed by us in contravention of the law, you can file a complaint with the President of the Office for Personal Data Protection.