LEGAL

Privacy and cookies policy

At Linker Cloud, we believe that being transparent towards our partners is the key to business success. This also applies to the data we collect. Below you will find all the information you need on those legal topics.

I. General provisions

This Privacy and Cookies Policy sets out the rules for the processing by the Controller of the personal data obtained via contact forms on the website Linkercloud.com (“Website“) and in the course of providing services related to the Website.

The Controller of your personal data within the meaning of personal data protection regulations is Linker Cloud spółka z ograniczoną odpowiedzialnością (Polish limited liability company) with its registered office in Warsaw, ul. Tadeusza Borowskiego 2, 03-475 Warsaw, recorded in the register of business organisations of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, Commercial Division 13 National Court Register, entry number 0000662133, Polish tax identification number NIP: 5223082902, Polish business identification number REGON: 366498427, initial company share capital of PLN 186,000.00 (“Controller“).

The Controller, when processing personal data, shall ensure compliance with applicable regulations, in particular:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “Regulation”. The official text of the Regulation: http://data.europa.eu/eli/reg/2016/679/oj;
  2. Act of 10 May 2018 on Personal Data Protection (consolidated text, Dziennik Ustaw 2019, item 1781), hereinafter referred to as the “Act”.

The Controller has appointed the Data Protection Officer, who can be contacted by email: info@linkercloud.com.

The Controller shall exercise due diligence to respect the privacy of Users visiting the Website and using the Controller’s services. The Controller shall guarantee the confidentiality of all personal data and that all security and personal data protection measures required by personal data protection regulations, including provisions laid down in the Regulation and the Act, shall be taken. Personal data is collected with due diligence and adequately protected against access by unauthorised persons.

The Controller shall not make automated decisions in individual cases and shall not apply User profiling.

The Controller does not collect or process sensitive data, referred to in the Regulation as “special categories of personal data”. The Controller also does not wish to collect and process the data of minors under the age of 16.

II. User rights

The User of the Website has the following rights arising from the processing of their personal data:

  1. Right to request access to own personal data – the User has the right to obtain a confirmation whether the Controller processes his/her personal data and, if applicable, the right to access that data and receive information concerning such data as: the purpose of processing, categories of data, information about recipients or categories of recipients to whom the data has been disclosed, the planned period of storage of personal data or criteria for determining that period; the above right also includes the right to receive free copies of data (for all subsequent copies requested by the User, the Controller may charge a reasonable fee resulting from administrative costs),
  2. Right to rectify personal data (if it is incorrect), which also includes the submission of a request to supplement incomplete personal data,
  3. Right to delete personal data (the so-called “right to be forgotten”) in the following circumstances: if the User’s personal data is no longer necessary for the purposes for which they were collected, the User withdrew their consent to its processing, and there is no other basis for data processing, the User filed an objection to the processing, the personal data was processed contrary to the law, the personal data must be deleted in order to fulfil the legal obligation provided for in the EU Law or the law of the Member State to which the Controller is subject, the personal data was collected in connection with offering information society services,
  4. Right to restrict the processing of data, if: the User questions the accuracy of personal data (for a period allowing the Controller to verify the accuracy of such data), the processing is illegal and the User opposes the deletion of data, the Controller no longer needs personal data for processing purposes, but needs it to establish, assert or defend claims, the User has raised an objection to the processing until it is determined whether the legitimate grounds on the part of the Controller prevail over the grounds for the User’s objection,
  5. Right to object to the processing, if: the User does not want the Controller to process data, 
  6. Right to data portability, including the right to receive personal data provided by the User from the Controller in a structured, commonly used, machine-readable format, including the right to request for the personal data to be sent by the Controller directly to another Controller (where technically possible),
  7. Right to withdraw your consent to data processing at any time (this will not affect the lawfulness of processing based on consent before its withdrawal),
  8. Right to file a complaint with the President of the Personal Data Protection Office, if the User deems that the processing of personal data is in breach of the provisions laid down in the Regulation.

Should you have any questions related to the processing of personal data or should you wish to exercise any of the aforementioned rights, please contact the Data Protection Officer by sending an email to the following address: info@linkercloud.com.

III. Data transfer

In order to ensure the proper functioning of the Website and the professional provision of its services, the Controller must use third party services. The Controller engages the services of only those processing entities which provide sufficient guarantees regarding the implementation of adequate technical and organisational measures, so as to ensure that processing is conducted in accordance with the requirements laid down in the Regulation and in a way that protects the rights of data subjects pursuant to Article 28 of the Regulation. 

The Controller shall entrust the processing of personal data to the following categories of entities:

  1. Accounting, legal and advisory service providers (in particular an accounting firm, law firm, enforcement company),
  2. Hosting services providers,
  3. Calculation cloud service providers,
  4. Newsletter mailing system providers,
  5. CRM system providers,
  6. Invoicing system providers,
  7. Service providers supplying the Controller with technical, IT and organisational solutions (in particular, the provider of computer software for running the Website and providing services, electronic mail service providers and providers of software used for managing the company and providing technical assistance to the Controller), 
  8. Other entities, if the use of their services is necessary for the proper operation of the Website and for the provision of services by the Controller.

All entities entrusted by the Controller with the processing of personal data guarantee the application of adequate measures of personal data security and protection measures as required by law.

As part of the Controller’s use of tools aimed at supporting their day-to-day operations made available, e.g. by Google, the User’s personal data may be transferred to a country outside the European Economic Area, in particular, to the United States of America (USA) or another country wherein the entity cooperating with it maintains tools serving the purpose of processing personal data in cooperation with the Controller.

Adequate measures to safeguard the personal data transferred are provided by the Controller through the use of standard data protection clauses adopted in adherence to the European Commission’s decisions and personal data processing agreements that meet the requirements of the GDPR. Should the data be transferred from Europe to the USA, some entities located there may additionally provide an adequate level of data protection under the so-called Privacy Shield programme (more information on this subject is available at: https://www.privacyshield.gov/).

In relation to each and every processing entity, pursuant to Art. 28(3) of the Regulation, a personal data processing agreement shall apply.

The Controller may be obliged to provide information collected by the Website to authorised bodies on the basis of legal requests, to the extent arising from those requests.

IV. Purposes of processing, retention period and scope of data

The purpose of processing the User’s personal data, as well as the scope of the data processed and the period of retention thereof, shall depend on the relationship between the Controller and the User, in particular, the scope of activities that the Controller either performs or may perform for the User.

  1. Purpose of processing: creating a User account on the Software as a Service Linker – Cloud Fulfillment Platform in relation to the service provision agreement concluded.

Legal basis:

  • Art. 6(1)(b) of the Regulation – conclusion, performance, and termination of a civil law agreement,
  • Art.6(1)(c) of the Regulation – satisfaction of obligations arising from legal provisions, including financial and tax obligations, by the Controller, arising from a conjunction with Art. 86 § 1 of the Act of January 29, 1997 – Tax Ordinance (consolidated text, Journal of Laws of 2019, item 900) or Art. 74(2) of the Accounting Act of 29 September 1994 (consolidated text, Journal of Laws of 2019, item 351).

Retention period: period of the civil law agreement, and after expiry thereof, for the limitation period of civil law claims arising from the agreement concluded, and for the period required by law, in particular, by tax regulations – for the limitation period of tax liabilities.

Scope of data: email address, first name, last name, business name, phone number, and other data voluntarily provided by the User.

Failure to provide the above data will result in the inability to open a User Account. 

  1. Purpose of processing: establishing contact with the Controller and corresponding via email

Legal basis:

  • Art. 6(1)(a) of the Regulation – consent of persons who the data concerns,
  • Art. 6(1)(f) of the Regulation – legitimate interest of the Controller

Retention period: until the User withdraws consent, provided that this data is processed based thereon, but no longer than 1 year from the date of completion of correspondence, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller. Should the data be processed on the basis of the Controller’s legitimate interest – personal data will be stored for the duration of the services rendered by the Controller, and after the service has been completed for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, email address and any data voluntarily provided by the User in the email message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller by email.

  1. Purpose of processing: establishing contact with the Controller via a contact form – newsletter subscription.

Legal basis: Art. 6(1)(a) of the Regulation – consent of persons whom the data concerns.

Retention period: until the User withdraws consent, provided that this data is processed based thereon, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, email address, and any data voluntarily provided by the User in the email message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller via a contact form.

  1. Purpose of processing: establishing contact with the Controller via a contact form – contact for the purpose of receiving offer for Linker’s fulfilment network or for the Cloud Fulfillment Platform software.

Legal basis: Art. 6(1)(a) of the Regulation – consent of persons whom the data concerns.

Retention period: until the User withdraws consent, provided that this data is processed based thereon, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, email address, and any data voluntarily provided by the User in the email message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller via a contact form.

V. Purpose of processing: mailing of marketing and commercial information in electronic form.

Legal basis:

  • Art. 6(1)(a) of the Regulation – consent of persons who the data concerns or,
  • Art. 6(1)(f) of the Regulation – implementation of the Controller ‘s legitimate interests

Retention period: until the User withdraws consent, provided that this data is processed based thereon, and for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller. Should the data be processed on the basis of the Controller’s legitimate interest – personal data will be stored for the duration of the services rendered by the Controller, and after the service has been completed for an additional period of time corresponding to the limitation period of claims, which may be brought by or against the Controller.

Scope of data: first name, last name, email address, and any data voluntarily provided by the User in the email message.

Failure to provide the aforementioned data will result in the inability to establish contact with the Controller via email.

VI. Cookies

The Website uses cookies, i.e. small text files stored on the User’s end device (e.g. computer, tablet, smartphone), which may read by the Controller’s ICT system.

The Website uses two types of cookies: session cookies which are deleted permanently when the User ends the browser session and persistent cookies that remain after the end of the browser session on the User’s device until they are deleted.

When visiting the Website, the information on the use of cookies is displayed. By using the Website, you shall consent to the use of cookies to the extent indicated herein. The User has the ability to manage cookies from the website level. The User may change cookie settings from their web browser or delete cookies. It should be remembered that disabling cookies may cause difficulties in using the Website. 

The Controller uses its own cookies in order to ensure the proper operation of the Website. 

The Website uses functions provided by third parties, which involve the use of cookies originating from third parties. 

Cookies are used to ensure the Website’s functionality: identify the Users, log the User’s activity on the Website, save data from completed forms or login data, and keep statistics.

Web browser settings regarding cookies are important from the perspective of consent to the use of cookies by the Website – in accordance with the law, such consent may also be expressed through web browser settings. In the absence of such consent, it is necessary to change web browser setting regarding cookies. 

We also use other technologies of a similar nature to cookies, such as local storage, which is used to retain data saved when using websites in a separate part of the browser’s memory. Access to data in local storage may only be obtained by the website therefrom the data has been saved in the browser. Data in local storage is stored by the browser after it is closed and, unlike cookies, it has no time limit, i.e. it is in operation until it is deleted by the user.

The Controller uses the Google Analytics tool to create statistics, analyse them and optimise the operation of the Website. Google Analytics automatically collects information about the use of the Website. The information collected in this way is usually transmitted to Google servers. As part of using Google Analytics, the Controller does not collect any personal data. 

VII. Server logs

The use of the Website involves sending queries to the server on which the Website is stored. Each query sent to the server is saved in server logs. 

The logs include, among others, the User’s IP address, server date and time, information about the User’s web browser and operating system. Logs are saved and stored on the server. 

Data recorded in server logs are not associated with specific persons using the Website and are not used by the Controller to identify the User.

The above data is used only for server administration purposes. Server logs are only an auxiliary material used to administer the Website, and their content is not disclosed to anyone outside persons authorised to administer the server.