PRIVACY POLICY AND PERSONAL DATA PROTECTION WITH COOKIES POLICY FOR TUFSOFTWARE.COM WEBSITE AND BOT CHAT

Preliminary issues

  1. This Privacy Policy is effective from February 9, 2021 and its provisions have been adapted to the requirements of Regulation (EU) 2016/672 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the flow of such data and the repeal of Directive 95/46 / EC and the Act of 10 May 2018 on the protection of personal data (hereinafter referred to as the "Privacy Policy").
  2. The purpose of implementing this Privacy Policy is to ensure people using the Administrator's services for their privacy and protection of their personal data. The Privacy Policy defines the rules and purposes of the processing of personal data by the Administrator.

Glossary

  1. For the purposes of this document:
    1. "Personal Data Administrator", "Administrator", means TUF Software SA, with its registered office in Warsaw, Poland (postal code: 00-238) at Długa 29 Street; Tax number: 5252858073
    2. "Personal data" means information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as, for example, name and surname, identification number, location data, internet identifier or one or more specific physical, physiological, genetic factors, the mental, economic, cultural or social identity of a natural person;
    3. "Data Protection Officer" means a person appointed by the Administrator in order to implement the obligations implemented by the Administrator in the field of personal data protection;
    4. "Breach of personal data protection" means a breach of security leading to the accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed;
    5. "Newsletter" means an electronic form of the letter used to send the Service Recipient of commercial and marketing information;
    6. "Recipient" means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data as part of a specific proceeding under Union or Member State law are not considered recipients; the processing of these data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing;
    7. "Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future;
    8. "Supervisory authority" means an independent public authority which is established by a Member State pursuant to Art. 51 of the Regulation, which is the President of the Personal Data Protection Office;
    9. "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Administrator;
    10. "Data confidentiality" means the property that ensures that data is not made available to unauthorized parties;
    11. "Processing" means an operation or set of operations performed on personal data or sets of personal data by automated or non-automated means, such as collecting, recording, organizing, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or other types of sharing, matching or combining, limiting, deleting or destroying;
    12. "Regulation" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC;
    13. "Act" - means the Act of May 10, 2018 on the protection of personal data;
    14. "Erasure of data" means the destruction of personal data or such modification of it which does not allow the identification of the data subject ("anonymization"),
    15. "Consent of the data subject" means the free, specific, informed and unambiguous demonstration of the will to which the data subject, in the form of a declaration or a clear affirmative action, allows the processing of personal data concerning him;
    16. “Chatbot” - the Service Provider's computer program operating as part of the Messenger application (provided by Meta company) with the functionality of the so-called chatbot, i.e. acting as a virtual sales and customer service assistant, in accordance with the provisions of these Regulations;
    17. “Terminal device” - an electronic device (e.g. computer, smartphone) enabling connection to the Internet and allowing the use of Chatbot functionality via Messenger;
    18. "Application" - a computer program that allows the transmission of images and content sent by Messenger via the Internet and their reception on the End Device;
    19. "User" - a natural person using contact form available on the Website or using the Chatbot functionality, with full legal capacity, as well as a legal person or an organizational unit without legal personality, for which the law grants legal capacity, for which the person authorized to represent it acts;
    20. "Cookies" - Cookies are small pieces of text information in the form of text files saved on the computer or in the browser of the person using the Website. Detailed information on cookies can be found by the User, among others. at the following link: https://pl.wikipedia.org/wiki/HTTP_cookie;
    21. “Facebook" – social networking site with all its functionalities at www.facebook.com, owned by Meta, Inc. and managed by it;
    22. “Messenger” – an application operating as part of the Facebook portal, with the functionality of the messenger (i.e. enabling text and voice communication);
    23. “Fanpage” – Facebook profile athttps://www.facebook.com/tufsoftware
    24. “Linkedin” - Linkedin profile at:https://www.linkedin.com/company/tuf-software-sa
    25. “YouTube” - YouTube Profile at:https://www.youtube.com/channel/UCg5Qpava17dHIevemuxVBcw
    26. “Website” – Service Provider's website at the addresshttps://tufsoftware.com

Personal Data Administrator.

  1. The Administrator of the Service Recipient's personal data in the field of the provision of services under the contract for the provision of electronic services described in detail in the Regulations is TUF Software SA, based in Warsaw, Poland  (postal code: 00-238) at Długa 29 Street;
  2. Contact with the Administrator in any matter related to the protection of personal data is possible in writing - at the address: ul. Długa 29, 00-238 Warsaw or electronically - to the e-mail address iod@tuf.pl or by phone - by phone +48 530 573 553.
  3. The Personal Data Administrator has appointed a Personal Data Inspector, with whom contact in all matters related to the protection of personal data is possible in writing - to the address: ul. Długa 29, 00-238 Warsaw or electronically - to the e-mail address iod@tuf.pl or by phone - by phone +48 530 573 553.
  4. The Personal Data Administrator ensures that he makes every effort to ensure that the processing of personal data by him takes place with the greatest respect for the privacy of persons whose data is processed and with the utmost care for the security of personal data processed, and in particular ensures that he has taken all measures of physical protection provided for by law., teleinformation and organizational, aimed at securing personal data sets. The physical, ICT and organizational measures used by the Personal Data Administrator to ensure the protection of the processed personal data appropriate to the threats and categories of data protected, in particular, protects the data against unauthorized disclosure, removal by an unauthorized person, processing in violation of the Regulation and their change or loss, damage or destruction.

Personal data. Purposes, principles and scope of processing.

  1. Providing personal data by the User is voluntary, however, it is a condition for presenting an offer and concluding a contract. Failure to provide personal data results in the inability to send the offer and the Administrator to perform the service related to the concluded contract for the provision of electronic services.
  2. The User’s personal data, including those processed via Chatbot, are processed solely for purposes:
    1. providing a service that allows the presentation of an offer for selected services corresponding to the preferences of the User;
    2. contact in all matters related to the presentation of the offer, selection of the service and the possible conclusion of the contract for the services provided by the Administrator - data processing is carried out on the basis of art. 6 (1) (b) GDPR, i.e. processing is necessary for the performance of a contract to which the data subject is party, or to take action at the request of the data subject, prior to entering into a contract;
    3. sending commercial and marketing information - data processing is carried out on the basis of art. 6 sec. 1 lit. a) GDPR, i.e. based on the consent given voluntarily by the User;
    4. establishing, investigating or defending the Administrator's claims, including for debt collection purposes and for conducting court proceedings - data processing is carried out on the basis of art. 6 sec. 1 letter f) of the GDPR, i.e. based on the legitimate interests of the Administrator;
    5. considering complaints - pursuant to art. 6 section 1 lit. c) GDPR, i.e. processing is necessary to fulfill the legal obligation incumbent on the administrator, resulting from the provisions of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144 item 1204, as amended);
    6. managing the requests and requests of the Service Users in order to fulfill the obligations incumbent on the Administrator corresponding to the rights of the data subject specified in art. 15 - 21 GDPR - data processing is carried out on the basis of art. 6 sec. 1 letter c) of the GDPR, i.e. processing is necessary to fulfill the legal obligation incumbent on the administrator;
    7. archiving and statistical pursuant to art. 6 sec. 1 letter e) and f) of the GDPR;
    8. analytical and statistical pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest of the Administrator, which is to analyze the results of the business, develop strategies and forecasts, and survey User satisfaction.
  3. The Administrator processes only the data necessary to select the offer that will be presented to the User and necessary to contact the User:
    1. through the contact form, the Administrator collects the following data: name, surname, e-mail address, telephone number;
    2. via Chatbot in the Messenger application, the Administrator collects data: name and surname, gender, profile picture in the Facebook.com application, language data, e-mail address and contact telephone number.
  4. The User’s personal data will be processed in the period from the date of the User request to submit an offer via the contact form, Chatbot or otherwise, but not less than the date on which the offer and the concluded contract would expire. In the case of processing personal data in order to fulfill the Administrator's obligations under the law or the legitimate interests of the Administrator, the processing will take place within the time limits resulting from these provisions. Data processed for statistical purposes will be processed within 5 years from the date of the contract.

Rights of the User related to the processing of his personal data

  1. The User has the right to withdraw his consent to the processing of his personal data for the purposes for which this consent was necessary. Withdrawal of the consent given does not affect the lawfulness of the processing which was carried out on the basis of the consent expressed by the User before its withdrawal.
  2. The User has the right to request access to his personal data, he is entitled to obtain from the Administrator confirmation of their processing and information regarding: the purpose of processing, categories of data processed by the Personal Data Administrator, information about recipients or categories of recipients to whom the data has been or will be disclosed, planned the period of data processing, about the rights of the User regarding the processing and protection of the processing of his personal data. At the request of the Service User, the Administrator will provide a copy of the personal data subject to processing.
  3. The User has the right to request the Administrator to immediately rectify incorrect data concerning him and to request that incomplete data be supplemented, including by submitting an additional statement.
  4. The User has the right to delete his data ("the right to be forgotten"), and the Administrator is obliged to remove them immediately in a situation where:
    1. the User’s personal data are no longer necessary for the purposes for which they were collected,
    2. The User has withdrawn his consent on the basis of which the processing of his data is based,
    3. The User has objected to the processing of his personal data,
    4. The User’s personal data is processed unlawfully,
    5. Deletion of the User’s personal data is required in order to comply with the legal obligation provided for by law.
  1. - the above does not apply if the processing of the User’s personal data is necessary to establish, assert or defend claims and fulfill the obligations of the Personal Data Administrator resulting from the provisions of the Regulation and national legal acts. The Personal Data Administrator may refuse, in particular, to delete personal data, if the User has violated the terms of use of the website or obligations resulting from applicable law, and the User’s personal data is necessary for the Personal Data Administrator to clarify these circumstances and determine the User's liability.
  1. The User has the right to limit the processing of his personal data in cases where he questions the correctness of the data being processed, the processing is unlawful, and the Administrator opposes the deletion of the data, the Personal Data Administrator no longer needs the User's data, however, they are needed by the User to determine, investigate or defense of claims and when the User has objected to the processing.
  2. The User has the right to object at any time to the processing of personal data concerning him, and the Personal Data Administrator is no longer allowed to process his personal data, unless he demonstrates the existence of valid legally justified grounds for further processing.
  3. The User also has the right to transfer data, the Administrator is then obliged to provide the User's data in a structured, commonly used machine-readable format. The User has the right to send the data obtained in this way to another entity without any obstacles on the part of the Personal Data Administrator in accordance with the terms of the Regulation.
  4. The User has the right to lodge a complaint with the supervisory body: the President of the Personal Data Protection Office in the event of a breach of personal data protection by the Personal Data Administrator or the processing of the User's data contrary to the provisions on the protection of personal data.
  5. In order to exercise the above rights, the User asks the Personal Data Administrator or the appointed Personal Data Inspector.

Recipients of personal data (disclosure and entrustment of personal data)

  1. The Administrator provides the User’s personal data to entities and bodies authorized to process them on the basis of specific provisions, including: common and administrative courts, law enforcement authorities, court bailiffs, other government and local government administration bodies. The Administrator does not collect the consent of the User and does not inform about such disclosure to provide the User's personal data to the entities mentioned.
  2. The administrator entrusts personal data to entities performing on his behalf services necessary for the performance of activities and the provision of services related to the performance of the contract for the Uaer: IT service providers, entities providing accounting, advisory, legal, marketing, payment and other services, if they are necessary for achieving specific economic goals of the Administrator;
  3. The administrator provides the Users's personal data to the owner of the Meta social network on the non-changeable data rules specified by Meta available at https://www.facebook.com/business/gdpr and https://www.facebook.com/about/privacy.
  4. If on the website of the Personal Data Administrator there are links (links) leading to other websites not administered by him, the Personal Data Administrator is not responsible for the content of these websites or for the level of privacy protection provided by the administrators of these websites. When deciding to go to the websites to which the links lead, the User does it at his own risk.

Responsibility of the User

  1. The User is responsible for the correctness and compliance with the facts of the personal data provided.
  2. If the User provides the data of a third party in order to perform the contract with the Service Provider, he is responsible for the correctness and compliance with the facts of the personal data provided.

Information on the protection of personal data for a person who is not a User

  1. In a situation where the User, in order to conclude and perform the contract with the Service Provider, provides personal data of other persons (e.g. a co-worker), the Service Provider will inform this person about the method of processing their personal data by the Service Provider, via the Information Clause sent to the third party's e-mail address.

Interruption of the conversation with Chatbot and removal of the User's personal data

  1. The User has the right to terminate the conversation with Chatbot at any time by closing the chat window in the Messenger application.
  2. Closing the Messenger application during the ongoing conversation will not delete the data provided by the User during the conversation with Chatbot.
  3. The User may delete the data from the conversation, however, it is not tantamount to the deletion of this data by the Administrator.
  4. After 15 months from the date on which the User started a conversation with Chatbot, the User’s data will be limited to further processing for statistical purposes, and data not needed by the Administrator will be deleted. The User’s data may be deleted at the User's express request sent to the Administrator in the manner specified in this Privacy Policy at an earlier date, however, the request to delete data will not include personal data, the further processing of which will take place for statistical purposes.

Processing for analytical and statistical purposes

  1. The administrator will process personal data for analytical and statistical purposes pursuant to art. 6 sec. 1 lit. f) GDPR, i.e. based on the legitimate interest of the Administrator, which is to analyze the results of the business, develop strategies and forecasts, and survey customer satisfaction.
  2. For this purpose, the Administrator will limit the processing of personal data to the data necessary to achieve the above-mentioned purpose. The processing of data for analytical and statistical purposes will be carried out in a way that prevents the identification of the data subject.

Newsletter

  1. Receiving the newsletter by the User is possible only after consenting to the processing of personal data, the processing of personal data for marketing purposes in accordance with the Act of July 16, 2004 - Telecommunications Law and consent to receive commercial information by electronic means in accordance with the Act of July 18, 2002 year - for the provision of electronic services.
  2. Resignation from receiving marketing and promotional information as well as commercial information via the newsletter is possible by sending to the e-mail address iod@tuf.pl from the address provided during registration to the newsletter a request to remove the address from the website database with the note "Unsubscribe from the newsletter". The User may also unsubscribe from receiving the newsletter by using the resignation link.

Profiling and automated decision making techniques

  1. The processing of personal data by the Administrator includes profiling the User’s data. Profiling means any form of automated processing of personal data by the Administrator, which consists in using the User’s personal data to assess certain personal factors, in particular to analyze or forecast the preferences, interests, reliability, behavior, location or movement of the User.
  2. In the process of performing the contract, in order to find the best offer for you, we make decisions in an automated manner (without human influence) based on the data we have from you. Decisions made in this automated way have an impact on the selection of products offered to you. Automated decision-making in order to present the best offer is necessary to conclude and perform a contract with TUF Software SA based in Warsaw, Poland. More information about profiling can be found in the Privacy Policy tab.
  3. The User has the right to object only to profiling by the Administrator processing personal data in order to pursue the public interest or his own, legitimate interest, if he considers that profiling violates his rights and freedoms, unless the Data Administrator demonstrates the superiority of his own interest over the rights and freedoms of the person.
  4. The right to object is excluded when profiling is necessary to conclude a contract or take action before concluding a contract, it is allowed by European Union law or the law of the Member State to which the Data Administrator is subject and provides for the implementation of measures to protect rights and freedoms, the person himself has consented.
  5. The User may object to profiling in any form via the available communication channels with the Administrator.
  6. The Administrator implements appropriate measures to protect the rights, freedoms and legitimate interests of the User.

SOCIAL MEDIA PROFILES

  1. The personal data administrator runs profiles on Facebook.com, Linkedin.com and YouTube.com
  2. In connection with the keeping of profiles, the Administrator processes the data of the User:
    1. who have subscribed to the Administrator's profiles via the "Like" or "Follow" options;
    2. who published a comment on the Administrator's profiles under any of the posts published by the Administrator;
    3. who contacted the Administrator via a private message;
  3. The administrator processes personal data collected in the manner described above for the purpose:
    1. informing the User about the Administrator's activities,
    2. promoting events organized by the Administrator,
    3. promoting the Administrator's brand, products and services offered by the Administrator,
    4. building and maintaining the Administrator's community, and for communication via the available functionalities of Facebook and Linkedin,
    5. in order to possibly establish, investigate or defend against claims;
    6. for analytical purposes regarding the analysis of the functioning, popularity and method of using the Administrator's profiles.
  4. The personal data administrator processes the following data via profiles:
    1. basic identification data (name and surname) in the scope published by the User on the profile belonging to him on the social networking site Facebook or Linkedin;
    2. data published by the User on the profile;
    3. anonymous statistical data on people visiting the Administrator's profiles available via the function provided by Facebook, Linkedin and YouTube in accordance with the non-changeable conditions of using these websites, collected thanks to "cookies", each of which contains a unique code of the User that can be associated with connection data Recipients registered on Facebook, Linkedin or YouTube and which is downloaded and processed when the Administrator's profile is opened.
  5. The personal data administrator also uses the Facebook.com, Linkedin.com and YouTube.com plugins available on the Website. Information on data processing using plugins is described in the Cookies Policy.

COOKIES POLICY:

    1. The administrator uses cookies on the website;
    2. The administrator uses:
      1. Session cookies (transient cookies): i.e. files that are stored on the User's device each time until the end of a given browser session. When the browser is closed, these files are permanently deleted from the device's memory;
      2. persistent cookies: i.e. files that are stored on the User's device until they are deleted - this means that, unlike session cookies, closing the browser does not delete persistent cookies.
    3. The Administrator processes or may process the data contained in cookies when used by the User for the following purposes:
      1. In the case of functional cookies (cookies technically necessary for the proper use of the Website), it is about the processing of information for the proper functioning of the Website, i.e.:
        1. adjusting the Website to the User's preferences;
        2. optimizing the use of the Website;
        3. remembering the history of visited pages;
        4. adjusting the appearance of the Website, including font size, graphics layout, etc.;
        5. creating anonymous statistics that help to understand how Users use the Website;
        6. ensuring the security and reliability of the Website.
        7. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 sec. 1 lit. f) GDPR;
      2. In the case of preferential cookies, statistical cookies (cookies used to determine the manner and preferences of using the Website by the User) and marketing cookies (cookies used to request the User with commercial information) - the Administrator uses these cookies to analyze the use by the User from the Website. In order to analyze the way the User uses the Website, the Administrator uses the services of cooperating entities that use cookies (discussed in point 6 below). If the Administrator processes personal data using this type of cookies, he does so only with the consent of the User, in which case the legal basis for the processing of personal data using cookies for preferential, statistical and marketing purposes is Art. 6 sec. 1 lit. a) GDPR. With regard to personal data processed using preferential and statistical cookies, the legal basis is also Art. 6 sec. 1 lit. f) GDPR, because the Administrator has a legitimate interest in the fact that the Website works in an efficient and as efficient manner as possible and is beneficial for the User.
    4. The Administrator uses or may use cookies posted by entities cooperating with the Administrator via the Website for the following purposes:
      1. presenting multimedia content on the Website pages that are downloaded from www.youtube.com (Google Inc. based in the USA);
      2. collecting general and anonymous static data via tools:
        1. Google Analytics (Google Ireland Limited);The website uses Google Analytics. This service allows you to analyze the use of the website and regularly improve its functionality in a way that allows the website to be adapted to the needs of Users. Data from Google Analytics is transferred to a third country, i.e. to the United States of America. The conditions for the processing of personal data through Google Analytics are currently adapted to the provisions on the protection of personal data in the European Union in order to ensure compliance of the protection of personal data with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons. with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation).
        2. Marketing Master Software (Administrator software)
        3. The Marketing Master Software system works on the basis of anonymised data. It is necessary for the proper functioning and use of the Website and cannot be turned off by the User. Marketing Master Software:
          1. collects information about the User's origin, i.e. information from where the User came to the Website (e.g. by clicking on the link on the Facebook social profile);
          2. assigns a phone number to be displayed to a given User on the Website;
          3. in addition to the address of the source page, this system collects information about the type of User's browser, User's IP, address of the target page and anonymized random ID of the User's browser.
      3. using the functions of social networking sites to promote the Website or TUF Software:
        1. Facebook.com (Meta Inc. based in the USA or Meta Platforms Ireland Ltd based in Ireland);
        2. In connection with the use of Facebook.com plugins on the website, the data collected through these plugins may be transferred to a third country, i.e. the United States of America. Facebook.com plugins process the personal data of Users who have active profiles on Facebook.com. The data is transferred to the United States of America on the basis of the rules described by Facebook.com at https://www.facebook.com/about/privacyshield
        1. Linkedin.com (Linkedin Corp. based in the US);
        2. In connection with the use of Linkedin.com plugins on the website, the data collected via these plugs may be transferred to a third country, i.e. the United States of America. Linkedin.com plugins process personal data of Users who have active profiles on Linkedin.com. Data transfer to the United States of America takes place on the basis of the principles described by Linkedin.com at https://www.linkedin.com/legal/privacy-policy
        1. YouTube.com (Google LLC, based in USA)
        2. In connection with the use of YouTube.com plugins on the website, the data collected via these plugs may be transferred to a third country, i.e. the United States of America. Youtube.com plugins process the personal data of Users who have active profiles on Youtube.com. The transfer of data to the United States of America takes place on the basis of the rules described by Youtube.com at https://policies.google.com/privacy?hl=en-US
    5. By default, most web browsers available on the market accept cookies by default. Everyone has the option to define the terms of using cookies using the settings of their own web browser. This means that you can partially limit (e.g. temporarily) or even completely disable the option of saving cookies - in the latter case, however, it may affect some functionalities of the Website.
    6. The web browser settings in the field of cookies are important from the point of view of consent to the use of cookies by the Administrator - in accordance with the law, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the browser settings for cookies should be changed accordingly.
    7. Detailed information on changing cookie settings and their self-removal in web browsers is available in the help section of the web browser used by the User.

Changes to the Privacy Policy:

  1. The administrator has the right to make changes to this Privacy Policy, each time:
    1. there has been a change in the provisions governing the Administrator's business;
    2. there has been a change in the provisions on the protection of personal data;
    3. the functioning of the website www.tufsoftware.com or Chatbot will change, which will affect the rights and obligations of the User or the Administrator;
    4. it will be necessary to change the data of the Administrator or the Data Protection Officer appointed by him;
    5. the purposes, scope and rules for the processing of the User’s personal data will change.
  2. The Administrator will inform about the change in the content of this Privacy Policy on the Website.