The words with capital letters have the meaning given to them by the Regulations of this Website.
Personal data collected by the Administrator of the Website is processed in accordance with provisions of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1), hereinafter referred to as: GDPR.
The Administrator of the Website makes special efforts to protect the privacy and information provided to them regarding Users of the Website. The administrator selects and applies appropriate technical measures, including programming and organizational measures, ensuring protection of the data being processed, in particular protecting data against their disclosure to unauthorized persons, disclosure, loss and destruction, unauthorized modification, as well as against their processing in violation of the applicable law.
The recipients of the possible usage of the Services available on the website are not children under 16 years of age. The personal data Administrator does not plan to collect data on children under 16 years of age.
THE ADMINISTRATOR OF PERSONAL DATA
The Administrator of your personal data is:
TOKENEO TEO OÜ
Ul. Maakri 19-7K
10-145 Tallin, Estonia
In the matter of your personal data, you can contact the personal data Administrator via:
- e-mail: [email protected].
PURPOSES AND LEGAL FRAMEWORK OF PROCESSING PERSONAL DATA
The personal data Administrator processes your personal data for the following purposes and scope:
- performance of the Contract for the provision of Services, i.e. access to Services, and submission of Orders and Orders for Content Services, we process personal data provided by you in the Account and as part of forms and data on your activity on the Website, i.e. data on the Services you have viewed, as well as data about the session, your device and operating system, browser, location and unique ID, IP address. Providing some data is a condition for using individual Services (mandatory data). Our system automatically indicates mandatory data. The consequence of not providing this data is our inability to provide certain Services. In addition to data marked as mandatory, providing other personal data is voluntary.
- in order to statistics on the use of individual functionalities available on the Website, to facilitate the use of the Website and to ensure the IT security of the Website, we process personal data regarding your activity on the Website and the amount of time spent on each of the subpages on the Website, your search history, location, IP address, device ID, data about your web browser and operating system;
- in order to determine, pursue and enforce claims and defend against claims in court proceedings and other enforcement authorities, we may process your personal data provided in the forms and other data necessary to prove the existence of the claim or which result from a legal requirement, court order or other legal procedure;
- in order to consider complaints and applications and to answer Users' questions, we process personal data provided by you in complaints and applications, or in order to answer questions contained in another form as well as data on the Services we provide that are the cause of complaints or applications and data contained in documents attached to complaints and applications;
- in order to research the market and opinions by us or our partners, i.e. information about services, your data provided when using the services, e-mail address. Data collected as part of market research and opinion research are not used by us for advertising purposes. The exact tips are given in the information about the questionnaire or in the place where you enter your data;
- in order to market our Services and our partners' services, including remarketing, for this purpose we process data on your activity
- on the Website, including activities that are recorded and stored through cookies, in particular the history of activities, ordered services, search history, clicks on the Website, history and the User's activity related to our communication with them. In the case of remarketing, we use data about the activity to reach the User with our marketing messages outside the Website and we use the services of external suppliers for this purpose. These services include displaying our messages on websites other than our Service. Details can be found in the records regarding Cookies.
PERSONAL DATA CATEGORIES
The personal data administrator processes the following categories of relevant personal data:
- contact details;
- data regarding the ordered Services;
- Website activity data;
- complaints and applications data;
- marketing services data.
FREEDOM TO PROVIDE PERSONAL DATA
Providing the required personal data by the User is voluntary and is a condition for the provision of services by the Administrator of personal data via the Website.
DATA PROCESSING TIME
Personal data will be processed for the period necessary to perform services, marketing activities and other services performed for the User. Personal data will be deleted in the following cases:
- when the data subject requests their removal or withdraws their consent;
- when the data subject has not taken action for over 10 years (inactive contact);
- after obtaining information that the stored data is out of date or inaccurate.
Some data, like: email address, name and surname may be stored for a further 3 years for evidence purposes, consideration of complaints and claims related to services provided by the Website - these data will not be used for marketing purposes.
Data regarding orders for paid services, competitions and loyalty programs will be stored for a period of 6 years from the date of placing the Order.
We store data regarding unlogged Users for a period of time corresponding to the life cycle of cookies saved on devices or until they are deleted by the User in the User's device.
The User's personal data regarding preferences, behaviors and choice of marketing content can be used as a basis to make automated decisions to determine the Website's sales opportunities.
PERSONAL DATA RECIPIENTS
We transfer the Users' personal data to the following categories of recipients:
- state authorities, e.g. the prosecutor's office, the Police, President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, if they ask for it,
- service providers that we use when running the Website, e.g. to process an order. Depending on the contractual arrangements and circumstances, these entities act on our behalf or independently define the purposes and methods of their processing, a list of suppliers can be found on our Website: https://tokeneo.com/list-of-service-providers/
Our suppliers are based mainly in Poland and other countries of the European Economic Area (EEA), as well as outside the EEA. The User's personal data transferred outside the EEA will be protected by appropriate legal safeguards, so that our suppliers guarantee a high level of personal data protection. These guarantees arise in particular from the obligation to use standard contractual clauses adopted by the Commission (EU) or to participate in the "Privacy Shield" program established by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided through the EU-US Privacy Shield.
THE RIGHTS OF THE DATA OWNER
According to the GDPR (General Data Protection Regulation), the User has the right to:
- request access to their personal data;
- request rectification of their personal data;
- request deletion of their personal data;
- request to limit the processing of personal data;
- object to the processing of personal data;
- request to transfer personal data.
The administrator of personal data will without delay - within a month of receiving the request - provide the User with information about the actions taken in relation to your request. If necessary, the monthly period may be extended by another two months due to the complex nature of the request or the number of requests.
In any case, the Personal Data Administrator will inform the User about such an extension within one month of receiving the request, stating the reasons for the delay.
THE RIGHT TO ACCESS PERSONAL DATA (ARTICLE 15 OF THE GDPR)
You have the right to obtain information from the Administrator of whether your personal data is processed.
If the Administrator processes the User personal data, they have the right to:
- access the personal data;
- obtain information about the purposes of processing, categories of personal data processed, about recipients or categories of recipients of such data, the planned period of storage of the User's data or about the criteria for determining this period, about the User's rights under the GDPR and about the right to lodge a complaint to the supervisory body, about the source of these data on automated decision making, including profiling, and on safeguards used in connection with the transfer of such data outside the European Union;
- obtain a copy of the User's personal data.
If the User wants to request access to their personal data, submit a request at: [email protected]
RIGHT TO CORRECT PERSONAL DATA (ARTICLE 16 OF THE GDPR)
If the User's personal data is incorrect, the User has the right to request the Administrator to immediately correct their personal data.
The User also has the right to request the Administrator to complete their personal data.
If the User wants to request rectification or completion of their personal data, they should submit requests to: [email protected]
If the User has registered on the Website, they can correct and complete their personal data after logging in to the Website.
THE RIGHT TO DELETE PERSONAL DATA, 'THE RIGHT TO BE FORGOTTEN' (ARTICLE 17 OF THE GDPR)
The User has the right to request the Personal Data Administrator to delete their personal data, in given instances:
- the User's personal data has ceased to be necessary for the purposes for which it was collected or otherwise processed;
- the User has withdrawn specific consent to the extent that personal data was processed based on their consent;
- the User's personal data has been processed unlawfully;
- the User has objected to the processing of their personal data for the purposes of direct marketing, including profiling, to the extent that the processing of personal data is related to direct marketing;
- the User has filed an objection to the processing of their personal data in connection with the processing necessary for the performance of a task carried out in the public interest or the processing necessary for the purposes of legitimate interests pursued by the personal data Administrator or a third party.
Despite submitting a request to delete personal data, the Personal Data Administrator may process the User's data further to determine, assert or defend claims, of which the User will be informed.
If the User wants to request deletion of their personal data, they should submit requests to: [email protected]
THE RIGHT TO REQUEST A RESTRICTION ON THE PROCESSING OF PERSONAL DATA (ARTICLE 18 OF THE GDPR)
The User has the right to request the restriction of the processing of their personal data when:
- the User questions the correctness of their personal data - the Personal Data Administrator will limit the processing of the data for a time allowing to check their correctness
- when the processing of your data is unlawful, and instead of deleting personal data, you request that the processing of your personal data be restricted;
- the User's personal data is no longer needed for processing purposes, but it is needed to establish, assert or to defend their claims;
- when the User objected to the processing of their personal data - until it is determined whether the legitimate interests of the Administrator of personal data prevail over the grounds indicated in their objection.
If the User wants to request the restriction of the processing of their personal data, they should submit requests to: [email protected]
THE RIGHT TO OBJECTS A PROCESSING OF PERSONAL DATA (ARTICLE 21 OF THE GDPR)
The User has the right to object the processing of their personal data, including profiling, at any time in connection with:
- processing necessary to perform a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the personal data Administrator or a third party;
- processing for direct marketing
If the User wants to object the processing of their personal data, they should submit requests to: [email protected]
THE RIGHT TO REQUEST A TRANSFER OF PERSONAL DATA (ARTICLE 20 OF THE GDPR)
The User has the right to receive their personal data from the Administrator in a structured, commonly used machine-readable format, and send it to another personal data administrator.
The User can also request that the Personal Data Administrator directly sends their personal data to another administrator (if it is technically possible).
If the User wants to request the transfer of the processing of their personal data, they should submit requests to: [email protected]
THE RIGHT TO WITHDRAW CONSENT
The User can withdraw their consent to process their personal data at any time.
Withdrawal of consent to the processing of personal data does not affect the lawfulness of the processing carried out on the basis of their consent before its withdrawal.
If the User wants to request the withdrawal of their consent of the processing of their personal data, they should submit requests to: [email protected] or use the appropriate functionalities on the Website.
COMPLAINT TO THE SUPERVISORY AUTHORITY
If the User think that the processing of their personal data violates the GDPR, they have the right to lodge a complaint with the supervisory authority, in particular in the Member State of their habitual residence, place of work or place of alleged infringement.
In Poland, the supervisory body within the meaning of the GDPR is the President of the Office for Personal Data Protection (PUODO).
Notice of withdrawal from the contract for the provision of services
(information on exercising the right to withdraw from the service contract)
The right to withdraw from the contract for the provision of services
The User has the right to withdraw from the contract for the provision of services within 14 days without giving any reason. The deadline to withdraw from the contract expires after 14 days from the date of the conclusion of the contract.
To exercise the right of withdrawal, the User must inform TOKENEO TEO OÜ, Maakri Street 19-7K, 10-145 Tallinn, Estonia, email: [email protected], about their decision to withdraw from this contract by an unequivocal statement (for example, a letter sent by post, fax or e-mail). The User can use the model withdrawal form, but it is not mandatory.
To meet the deadline to withdraw from the contract, the User only needs to send information regarding the exercise of their right to withdraw from the contract before the deadline.
Effects of withdrawal from the contract
In the event of withdrawal from the contract for the provision of a paid service, we will refund all payments received from the User immediately, no later than 14 days from the day on which we were informed of their decision. The refund of payments will be made using the same payment methods that were used in the original transaction, unless the User has expressed otherwise; in any case, the User will not incur any fees in connection with this refund.
If the User did not request the provision of services before the deadline to withdraw from the contract, in the case of paid services they will pay us an amount proportional to the scope of services fulfilled, until they inform us of their withdrawal from this contract.