Documents

Privacy Policy

This is an English translation provided for convenience. It does not constitute legal advice; the Polish-language version is the binding one.

Information on the processing of personal data

1. Personal Data Controller

  • 1.1. The Controller of your data is TUKANO SOFTWARE HOUSE SP. Z O.O., with its registered office in Warsaw (02-697) at ul. Rzymowskiego 34, entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000825558, registry court: District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, share capital PLN 5,000.00, NIP: 5213888584.
  • 1.2. You can contact the Data Controller on matters of personal data protection at: kontakt@tukano.com.pl.
  • 1.3. We have appointed a Data Protection Officer. To contact them, send a message to: iod@tukano.com.pl

2. Purpose and legal basis for processing

  • 2.1. The legal basis for the processing of personal data by the Data Controller is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”), as well as other applicable laws.
  • 2.2. Legal bases and purposes of data processing:
    • a) Art. 6(1)(b) and (c) GDPR — to perform a contract or to take steps towards concluding one at the request of the data subject, and to fulfil a legal obligation incumbent on the Data Controller.
    • b) Art. 6(1)(f) GDPR — to pursue the legitimate interests of the Data Controller or of a third party processing data on the Controller's authorization.
    • c) Art. 6(1)(a) GDPR — for the direct marketing of the products and services of the Data Controller and of entities cooperating with the Data Controller.
  • 2.3. The direct marketing referred to in point 2.2 may be carried out by the Data Controller by means of electronic communication, telecommunications terminal equipment and automated calling systems (after obtaining the appropriate consent).

3. Legitimate interests pursued by the controller or by a third party processing data on the Data Controller's authorization.

3.1. The Data Controller or a third party processes personal data on the basis of the following legitimate interests:

  • Ensuring the security of the flow of information to and from the Client;
  • Direct marketing of its own products and services;
  • Transferring personal data between the Data Controller and affiliated entities for internal administrative purposes;
  • Fraud prevention;
  • Securing potential claims of the Data Controller.

4. Data recipients

The collected personal data will be available to providers of tools and services supporting the handling of Users/Clients (subcontractors, payments, additional services), providers of services supporting marketing activities and the operations of the Data Controller, as well as other recipients where the need to transfer the data results from legal provisions. Data will be transferred in accordance with the requirements set out in the GDPR.

5. Transfer of personal data to a third country or international organization

5.1. The User's/Client's data may be transferred to recipients in countries outside the European Union in the following cases:

  • Where it is necessary to perform a contract or to take steps related to its conclusion;
  • Within the technical solutions used by the Data Controller (cloud computing, email, hosting);
  • where the User/Client has given consent.

6. Personal data retention period

6.1. The personal data provided to the Data Controller will be stored for the following periods:

  • Personal data processed for the purpose of concluding or performing a contract and fulfilling the Data Controller's legal obligations will be stored for the duration of the contract and, after it ends, for the period associated with the warranty available to Clients and any right to secure or pursue claims by the Data Controller against the User/Client, as well as to fulfil the Data Controller's legal obligations (e.g. tax settlements).
  • Personal data processed for the marketing of the Data Controller's own products and services in line with the legitimate interests pursued by the Data Controller or a third party will be processed until the data subject objects.
  • Personal data processed on the basis of separate consent will be processed until that consent is withdrawn.

7. Profiling

7.1. The Data Controller does not carry out profiling based on the personal data collected.

8. Rights of the User/Client

  • 8.1. The User/Client has the right to request from the Data Controller access to their personal data, its rectification, erasure or restriction of processing, the right to object to processing (applies to the personal data referred to in point 2.2(b)), and the right to data portability (e.g. transferring it to another data controller).
  • 8.2. If the Data Controller does not take action in response to the data subject's request, it informs the data subject without delay — and at the latest within one month of receiving the request — of the reasons for not taking action and of the possibility of lodging a complaint with the supervisory authority (the President of the Personal Data Protection Office) and of seeking judicial remedies.
  • 8.3. Where consent to the processing of personal data referred to in point 2.2(c) has been given, the Client has the right to withdraw such consent at any time, provided that such withdrawal does not affect the lawfulness of processing carried out on the basis of the consent before its withdrawal.
  • 8.4. Without prejudice to any other administrative or judicial remedies, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if they consider that the processing of personal data relating to them infringes data protection law.
  • 8.5. Without prejudice to the available administrative or extrajudicial remedies, including the right to lodge a complaint with a supervisory authority pursuant to point 8.4, every data subject has the right to an effective judicial remedy if they consider that the processing of personal data relating to them infringes data protection law.

9. Obligations of the User/Client

  • 9.1. Providing personal data by the User/Client is voluntary; however, failure to provide it will result in the inability to perform the contract or the ordered services.
  • 9.2. When providing data to the Data Controller, the User/Client declares that the data they provide is consistent with their knowledge.

10. Collection and acquisition of personal data

  • 10.1. The Controller obtains information about users, among other things, by collecting server logs via the hosting operator.
  • 10.2. Data saved in server logs is not associated with specific people using the Service's website and is not used to identify people using the Service.
  • 10.3. Server logs serve solely as auxiliary material for administering the Service, and their content is not disclosed to anyone other than persons authorized to administer the server.
  • 10.4. Within the Service, the Controller may collect personal data of Users and potential Users who contact the Controller as part of User support, where such personal data is necessary to fulfil the User's request and to contact them in order to respond. The basis for processing is Art. 6(1)(a) GDPR — consent to processing. After any contact ends, the legal basis for processing will be the legitimate purpose of archiving correspondence in order to demonstrate its course in the future (pursuant to Art. 6(1)(f) GDPR). If a contract is concluded after the contact, the data will be processed on the basis of Art. 6(1)(b) GDPR.
  • 10.5. The Controller processes Users' personal data necessary for the proper provision of the services available in the Service and is entitled to use the data collected and stored within the Service for the following purposes: direct marketing of its own services (pursuant to Art. 6(1)(f) GDPR), ensuring full User support, including enabling the User to contact the Controller, resolving technical problems and providing relevant features (pursuant to Art. 6(1)(b) and (f) GDPR), tailoring the offer and the User's experience within the Service's features (pursuant to Art. 6(1)(b) and (f) GDPR), contacting Users, in particular for purposes related to the provision of services, User support, and permitted marketing activities (pursuant to Art. 6(1)(a), (b) and (f) GDPR), monitoring the activity of all and specific Users (pursuant to Art. 6(1)(f) GDPR), and assessing certain personal factors of the User (pursuant to Art. 6(1)(f) GDPR).
  • 10.6. The Controller is entitled to store the data collected and tracked within the Service solely to the extent necessary to achieve the purposes specified above.
  • 10.7. The Controller declares that providing data by the User, to the extent indicated above, is voluntary; however, failure to provide it may prevent the use of the Service's features.

Information about cookies

1. Cookie information

  • 1.1. The Service uses cookies.
  • 1.2. Cookies (so-called “cookies”) are IT data, in particular text files, that are stored on the end device of the Service User and are intended for use with the Service's websites. Cookies usually contain the name of the website they come from, how long they are stored on the end device, and a unique number.
  • 1.3. The entity that places cookies on the Service User's end device and accesses them is the Service Operator.
  • 1.4. Cookies are used for the following purposes:
    • 1.4.1. creating statistics that help understand how Service Users use the websites, which makes it possible to improve their structure and content;
    • 1.4.2. maintaining the Service User's session (after logging in), so that the User does not have to re-enter their login and password on every subpage of the Service;
    • 1.4.3. determining the user's profile in order to display tailored material to them in advertising networks, in particular the Google network.
  • 1.5. The Service uses two main types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files that are stored on the User's end device until they log out, leave the website or switch off the software (web browser). “Persistent” cookies are stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
  • 1.6. Software for browsing websites (the web browser) usually allows cookies to be stored on the User's end device by default. Service Users can change their settings in this regard. The web browser allows cookies to be deleted. It is also possible to block cookies automatically. Detailed information on this can be found in the help or documentation of the web browser.
  • 1.7. Restrictions on the use of cookies may affect some of the functionality available on the Service's websites.
  • 1.8. Cookies placed on the Service User's end device may also be used by advertisers and partners cooperating with the Service operator.
  • 1.9. Cookies may be used by advertising networks, in particular the Google network, to display ads tailored to how the user uses the Service. For this purpose, they may store information about the user's navigation path or the time spent on a given page.
  • 1.10. Regarding information about user preferences collected by the Google advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/

2. Server logs.

  • 2.1. Information about some user behaviour is logged at the server layer. This data is used solely to administer the website and to ensure the most efficient possible operation of the hosting services provided.
  • 2.2. Viewed resources are identified by URLs. In addition, the following may be recorded:
    • 2.2.1. the time the request arrived,
    • 2.2.2. the time the response was sent,
    • 2.2.3. the client station name — identification carried out via the HTTP protocol,
    • 2.2.4. information about errors that occurred during the HTTP transaction,
    • 2.2.5. the URL of the page previously visited by the user (referer link) — where access to the Service occurred via a link,
    • 2.2.6. information about the user's browser,
    • 2.2.7. information about the IP address.
  • 2.3. The above data is not associated with specific people browsing the pages.
  • 2.4. The above data is used solely for the purposes of server administration.

3. Managing cookies — how to give and withdraw consent in practice?

  • 3.1. If the user does not want to receive cookies, they can change their browser settings. Please note that disabling cookies that are necessary for authentication, security and maintaining user preferences may make it harder — and in extreme cases impossible — to use websites.
  • 3.2. To manage cookie settings, select your browser settings and follow the instructions provided.