1. GENERAL INFORMATION
This document informs about the methods of processing and protecting Personal Data taking into account the requirements resulting from EU provisions on the protection of personal data, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council, also referred to as the General Data Protection Regulation (hereinafter: ‘GDPR’). This document fulfills the obligations of the Company as the administrator of personal data pursuant to art. 13 and 14 GDPR.
2. WHO IS THE ADMINISTRATOR OF THE PERSONAL DATA
The controller of personal data is Inventive Logic limited liability/limited partnership company with headquarters in (80-386) Gdansk, ul. Lęborska 3B, registered in the Register of Entrepreneurs of the National Court Register (KRS), kept by the District Court Gdansk-Polnoc in Gdansk, VII Commercial Department of the National Court Register, under KRS number 0000709320, NIP number: 957-09-36-720, e-mail: firstname.lastname@example.org, tel.
• Polish-speaking customers: +47 21 999 413, +48 58 731 96 59,
• Norwegian-speaking customers: +47 21 984 118,
• English-speaking customers: +47 21 984 119,
• Lithuanian-speaking customers: +47 21 999 417,
• Russian-speaking customers: +47 21 988 830;
(Hereinafter referred to as: iLogic or Data Controller)
3. SCOPE OF THE PROCESSED PERSONAL DATA
Purposes and legal basis for the processing of Personal Data:
1. to the necessary extent for the use of the Services via the Website (Art. 6, section 1 (b) of the GDPR). The scope of required data may vary depending on the type of Service. In the basic scope, authentication with the Bank ID is required. In the scope of the Analytics, Assistant and Bisnode Report Services, the scope of processed data may include name and surname, e-mail address, telephone number, credit history, scoring.
2. on the basis of the consent given voluntarily (Art. 6, section 1(a) of the GDPR) in order to:
1) transfer such data to a Partner, according to the type of Service that the customer is interested in
3) on the basis of a voluntary consent resulting from specific provisions on marketing by electronic means and with the use of telecommunications terminal equipment (Article 172 of the Telecommunications Law, Article 10 of the Act on Providing Services by Electronic Means),
3. on the basis of a legitimate interest (Art. 6, section 1 (f) of the GDPR), in order to:
1) conduct research and analysis of Customers' expectations and needs as well as improvement and introduction of new services, as well as for statistical purposes,
2) provide commercial information and marketing content regarding products or services,
3) perform settlements of services conducted with a Partner;
4) organise or co-organise promotional campaigns or loyalty programs,
5) maintain payment services and other auxiliary services of third parties, which we use to provide the Services for you,
6) ensure safe usage of our websites and databases, enforce the Regulations, prevent frauds and abuses, and maintain the correctness and continuity of our systems, including by creating backup copies,
7) determine, pursue or defend the Data Controller’s claims and demonstrate compliance with the Data Controller’s obligations under the law,
8) defence against abuse and fraud in order to ensure legal and physical security of the Data Provider,
9) answer queries and requests submitted via the form on the website or by e-mail.
4. Fulfil the possible legal obligation to process your data (Art. 6, section 1 (c) of the GDPR).
4. RESTRICTIONS ON DATA PROCESSING
1. If we process your data based on your consent - e.g. for sending Partner's marketing information - you can always withdraw your consent. Consent may be revoked at any time by sending an email to email@example.com. Withdrawal of consent does not result in unlawfulness of actions taken prior to its withdrawal.
2. We will process your personal data for the period necessary to achieve the above-mentioned purposes, i.e.:
1) in particular for the duration of the service provided to you, and also after that:
2) for the period and to the extent required by law or
3) for the implementation by the Data Controller of legitimate interests to the extent outlined above, i.e. to the extent necessary for the pursuit and defence of claims - during the limitation period of any claims between the parties,
4) If we process your data based on your consent, we will continue to process it until the consent is withdrawn.
3. Providing your personal data is always voluntary, but is in some cases necessary to conclude and perform a contract for the provision of services to you. We always mark the fields and information that is required for us to make a deal with you and execute the contract, or for performing legal obligations.
5. TRANSFER OF PERSONAL DATA AND PROFILING
1. Your personal data may be transferred:
1) to public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that in our reasonable belief result from legal provisions,
2) based on a separate consent or in connection with the performance of the contract (regulations) - to selected Partners, depending on the type of the Service - the current list of Partners is available on the Website at www.multinorfinans.no/partners.
3) based on the contract required by law - to entities that provide us with ancillary services, such as customer service, identity verification, delivery of the Bisnode Report, professional advisers and companies providing hosting and analytical services.
4) Based on the legitimate interest of the Data Controller - to the Partner - to conduct settlements of cooperation consisting in the provision of support and promotion services on behalf of the Partner.
2. Your data will be transferred outside the European Economic Area to our service providers in countries that ensure an adequate level of protection in accordance with the decision of the European Commission, or on the basis of the specific contract for the processing of personal data - the so-called Standard Contractual Clauses for data transfers between EU and non-EU approved by the European Commission. You will be able to obtain a copy of the transferred data by contacting us.
3. By providing Services to you on the Website, we will process your data automatically, including profiling by using some of the information you share with us to analyse or predict your personal preferences, interests or needs, but we will do it only in order to personalise the usage of the Services via the Website or to better match ads and commercial information to your needs. Therefore, it will never produce any legal effects or significantly affect your situation in a similar manner.
6. YOUR RIGHTS
1. All persons whose personal data is processed by iLogic have a number of rights arising from the processing of their personal data, including:
1) the right to access personal data, including the right to obtain a copy of such data,
2) the right to request correction (rectification) of personal data - when you notice that the data is incorrect or incomplete,
3) the right to request the deletion of personal data (the so-called "right to be forgotten") - provided, however, that the data is no longer necessary for the purposes for which it was collected or otherwise processed (e.g. under the condition of removing the account) or if you object to data processing or withdraw the consent on which the processing is based and there is no other legal ground for processing, or if the data is processed illegally or must be removed in order to comply with a legal obligation,
4) the right to request limitation of personal data processing - if you indicate that your data is incorrect, when data processing is unlawful but you do not want to delete it or when your data is no longer required, but you need it to determine, defend or pursue claims, or when you object to the processing of data - until it is determined whether the legitimate grounds for the processing of data by us take precedence over the basis of your objection,
5) the right to transfer personal data - if the processing is carried out automatically on the basis of a contract concluded with you or based on your consent,
6) the right to object to the processing of personal data, including profiling - if we process your data based on a legitimate interest and the opposition is justified by your special situation and when we process your data for direct marketing purposes and profile your data for marketing purposes.
2. All requests regarding the above rights can be submitted in writing or sent by e-mail to the Data Controller’s addresses indicated above. We will do our best to respond to your requests promptly, no later than one month after we have received them, unless they prove to be numerous or complicated. In this case, we will inform you about the deadline for replying. All requests are free of charge, but should they be found evidently unreasonable or excessive, we will be able to charge a reasonable fee, including communication fees or costs related to the performance of the requested actions, or refuse to take action on the request.
3. If you believe that the Data Controller has violated the law by processing your personal data, please write to us at the following e-mail address: firstname.lastname@example.org. You have the right to lodge a complaint with the supervisory body, i.e. the President of the Personal Data Protection Office.
4. It is possible at any time to resign from using the Services via the Website by sending an e-mail to email@example.com, without affecting the legality of the actions taken before resigning from the Services via the Website.
7. THIRD PARTY ACCESS TO DATA
Personal data is processed only by authorised employees or associates of iLogic or cooperating entities on the basis of a lawful contract of entrusting personal data for processing, who are both trained and authorised to do so.
8. SECURITY AND PROTECTION OF PERSONAL DATA
1. The Data Controller declares that it makes use of technical and organisational measures to ensure the protection of processed data according to their categories and possible threats, and protects in particular the Customer’s personal data against disclosure to unauthorised persons, loss, or damage.
3. Personal data is protected against unlawful disclosure to unauthorised persons, removal by unauthorised persons, destruction, loss, damage or alteration as well as processing contrary to the generally applicable law. We use appropriate security measures to protect your data. These include internal reviews of our data collection, storage and processing practices as well as physical and software security measures to guard against unauthorised access to systems where we store personal data.
9. TRANSFERRING COMMERCIAL INFORMATION BY ELECTRONIC MEANS OF COMMUNICATION
1. Transferring of commercial information by electronic means of communication can only take place after obtaining your voluntary consent.
2. Sending commercial information by electronic means in accordance with the Act of 18 July 2002 on Providing Services by Electronic Means will take place on the basis of your consent when you provide us with your email address.
3. The use of telecommunications terminal equipment and automatic calling systems for the purposes of direct marketing in accordance with the Act of 16 July 2004 - Telecommunications Law will take place on the basis of the granted consent when you provide us with your phone number or identification data of your communicator.
4. You can withdraw your consent to receive commercial information by electronic means at any time. It is enough to send us an e-mail containing withdrawal of consent to firstname.lastname@example.org.
1) The Data Controller uses so-called own cookies and other similar technologies for the following purposes:
• Website configuration,
• adjusting the content of the Website to the user's preferences and optimising the use of the Website,
• recognition of the Website user's device and its location, as well as displaying the website per user's individual needs,
• remembering the settings selected by the user and personalising the user interface,
• remembering the history of pages visited on the website in order to recommend content,
• font size, website appearance, etc.
• user authentication on the Website and providing user sessions,
• maintenance of the Website user's session (after logging in) to allow the user to use the Website without re-typing their login and password,
• correct configuration of selected Website functions, allowing, in particular, verification of the authenticity of the browser session,
• optimising and improvement of the performance of services provided by the Data Controller,
• implementation of the processes necessary for the full functionality of the websites,
• adjusting the content of the Website to the user's preferences and optimising the use of the Website. In particular, these files allow us to understand the basic parameters of the User's device and to properly display the Webpage tailored to their individual needs,
• remembering the user's location,
• the correct configuration of selected functions of the website, allowing, in particular, the adjustment of the information provided to the user, taking into account their location,
• analysis and testing, as well as internet audience measurement,
• to create anonymous statistics to help you understand how to use users utilise the Website, which can improve its structure and content,
• ensure the safety and reliability of the Website.
2) The Data Controller uses external cookies and other similar technologies for the following purposes:
• presenting multimedia content downloaded from external websites (including vimeo.com, youtube.com, wrzuta.pl)
• collecting general and anonymous static data via analytical tools (including Google Analytics),
• presenting advertisements tailored to user preferences by using an online advertising tool.
3. Server logs.
1) Using the website is associated with sending queries to the server on which the website is stored. Each query directed to the server is saved in the server's logs.
2) Logs include, among others, your IP address, server date and time, information about the web browser and the operating system you are using. Logs are saved and stored on the server.
3) The data saved in the server's logs is not associated with specific people using the site and are not used by us to identify you. The server's logs serve only as auxiliary material used to administer the site, and their content is not disclosed to anyone except those authorised to administer the server.
11. EXCLUSION OF LIABILITY
2. The Data Controller reserves the right to introduce changes, withdrawals or modifications of the functions or properties of the Website, as well as to cease operations, transfer rights to the Website and perform any legal actions permitted by applicable laws. All actions carried out by iLogic may not violate user's rights.
12. CONTACT WITH THE DATA CONTROLLER