PRIVACY POLICY OF THE HLPLAN.PRO WEBSITE


effective from 01.07.2021
Dear User and Service Recipient,

We make every effort to ensure the security and confidentiality of your personal data. We care about your privacy both when you visit our website, register an account and use our services, as well as when you contact us by phone, email, or via online chat, subscribe to the newsletter, or visit our social media channels. We act in accordance with the law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (called "GDPR").

In this document, we want to present you with the most important information regarding the processing of your personal data. For simplicity, we have compiled them in the form of questions and answers. All this so that you can learn for what purpose, on what basis, and for how long we process your data, as well as who may have access to them and what rights you are entitled to.

HOW DO WE COLLECT YOUR PERSONAL DATA?

When using the hlplan.pro website (hereinafter: "Website"), you may be asked to provide your personal data. Providing data is voluntary, but in certain situations, it may be necessary. For example, without providing an email address, you will not receive a newsletter from us, we will not register your account, nor will we provide you with an email response to a question asked through the contact form.

Some data is collected automatically through cookies during your visit to the Website (e.g., IP address, browser type, operating system type, etc.). They are used to administer the website, provide hosting services, and create appropriate marketing content. However, you can freely block and limit the installation of cookies through your browser settings or using other (free) solutions.

WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The controller of your personal data is Mariusz Kozłowski conducting business activity Mariusz Kozłowski at the address Św. Bonifacego 88/19 Warszawa 02-940 Tax ID: 5213158472 REGON: 368994691

If you have questions or concerns, you can contact us electronically at the following email address: info[at]hlplan.pro

FOR WHAT PURPOSE, ON WHAT LEGAL BASIS, AND FOR HOW LONG DO WE PROCESS YOUR DATA?

We process your personal data for the purpose of:

  1. concluding and performing a service contract (registering and maintaining a service recipient account, placing orders for free and paid services, contract execution):
    • the legal basis is the necessity of processing for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR),
    • the data will be processed until the end of the service provision (deletion of the service recipient account, termination of the service contract);
  2. fulfilling tax obligations (issuing invoices, storing accounting documentation):
    • the legal basis is a legal obligation incumbent on us (Art. 6(1)(c) GDPR),
    • the data will be processed until the expiry of the limitation periods for tax liabilities;
  3. fulfilling obligations in the field of personal data protection:
    • the legal basis is a legal obligation incumbent on us (Art. 6(1)(c) GDPR),
    • the data will be processed until the expiry of the limitation periods for claims arising from violations of personal data protection regulations;
  4. establishing, pursuing, and defending potential claims:
    • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in taking actions aimed at protecting our rights in proceedings before courts and other state authorities,
    • the data will be processed until the expiry of the limitation periods for claims resulting from applicable legal provisions;
  5. ensuring the proper functioning of the Website and analyzing the activity of Website users:
    • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in conducting analyses and statistics on the use of individual Website functionalities (e.g., Google Analytics cookies, Facebook Pixel),
    • the data will be processed until an effective objection is lodged or the purpose of processing is achieved;
  6. maintaining a Facebook fanpage and a group called HL Plan and interacting with users of the aforementioned social media:
    • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in promoting the Website and adapting its functionalities to current needs,
    • the data will be processed until the expiry of the limitation periods for claims resulting from applicable legal provisions;
  7. providing you with answers to questions directed to us by phone or electronically, including through the form available on the Website and online chat:
    • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in communicating with our customers and answering questions from our potential customers or other persons interested in our products and services,
    • the data will be processed until the expiry of the limitation periods for claims resulting from applicable legal provisions;
  8. marketing purposes (promotion of our goods and services):
    • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in maintaining business relationships with customers and examining their satisfaction, taking care of our own interests and image, or accordingly, the voluntary consent of the person who expressed it for a specific purpose (Art. 6(1)(a) GDPR),
    • the data will be processed until an effective objection is lodged or the purpose of processing is achieved, and in the case where the basis for processing is consent - until consent is withdrawn (whereby the withdrawal of consent does not affect the legality of processing data before its withdrawal)

REMEMBER!

We process personal data for as long as necessary to achieve the purposes indicated above, unless you submit a valid and correct request to delete your personal data. Moreover, the processing period may depend on the content of legal provisions that are binding on us, e.g., in the case of storing financial documents or limitation periods for claims.

WHO MAY BE THE RECIPIENT OF YOUR PERSONAL DATA?

In some situations, if it proves necessary to achieve the purposes of data processing, we use the support and assistance of external entities. However, each time, before transferring personal data, we require their recipients to guarantee adequate protection and confidentiality.

The recipients of your personal data may be:

  1. entities co-participating in the performance of our contracts, e.g.: accounting office, IT service providers, hosting service providers, payment system providers,
  2. entities whose help and services we use in the scope of our business activity based on separate contracts, e.g.: providers of tools for analyzing activities on the Website and direct marketing, providers of tools for creating landing pages and collecting leads, providers of office systems, providers of project management software, providers of communication software,
  3. authorized state authorities under applicable legal provisions,
  4. other entities whose request for data transfer is justified in applicable legal provisions.

DO WE TRANSFER PERSONAL DATA TO THIRD COUNTRIES?

As a rule, we do not transfer personal data to countries outside the European Union and the European Economic Area (EEA). However, if such a need arises in connection with the provision of services, we will assess the circumstances and ensure an adequate level of data security so that processing takes place in accordance with applicable legal regulations.

When running the Website, we use services and technologies offered by entities such as Facebook, Google, MailJet, which have their headquarters in the United States and may partially process personal data using servers located outside the European Economic Area (EEA). In light of GDPR provisions, these are so-called entities located in third countries, for which it is necessary to demonstrate the provision of an adequate level of protection or a reference to appropriate safeguards.

We assure that the aforementioned entities apply compliance mechanisms provided for by the GDPR (e.g., certificates) or standard contractual clauses adopted by the European Commission (Art. 46(2)(c) GDPR). More information on the principles of data processing by the aforementioned entities can be found on the websites of the providers of these services.

DO WE PROFILE YOUR PERSONAL DATA?

As part of the Website and the technologies used, we may perform profiling. It consists of using user data (i.e., gender, age, interests, approximate location, behavior on the Website) to assess their activity and potential interest in services.

Profiling allows for personalizing offers and advertisements directed to users, but it does not affect the rules and conditions of the concluded service contracts. The processed information is anonymous and is not associated with the user ordering services. Therefore, we do not make any automated decisions that could have legal effects on natural persons or could affect them in a similarly significant manner.

WHAT PERSONAL DATA DO WE PROCESS AS A PROCESSOR AND HOW DO WE COLLECT IT?

Based on the terms of service provision and possibly other separate agreements, we also act as a processor processing personal data. This data is collected and then recorded in the system directly by the controller of this data, which is Mariusz Kozłowski.

As a processor, we process data only on documented instructions from the controller of this data (based on a data processing agreement), committing ourselves to properly secure it through the application of appropriate technical and organizational measures and ensuring an adequate level of security corresponding to the risks related to the processing of personal data (in accordance with Art. 32 GDPR). We also ensure that persons authorized by us to process have committed themselves to maintaining confidentiality. After the completion of services related to the processing of personal data entrusted to us, we will return all of them to the controller of this data (the client) and delete existing copies, unless applicable law requires us to store personal data.

DO WE USE COOKIES?

On the Website, we use so-called cookies, which are short text information stored on the computer, phone, tablet, or other device of the user, which can be read by our system, as well as by systems belonging to other entities whose services we use: Facebook, Google, Smartsupp.

Thanks to cookies, we collect anonymous data about users' visits to the Website, which we can use to improve the functionality of the Website, identify errors, or for marketing activities.

Typically, internet browsers by default allow the use of cookies on the end device. However, users can block and limit the installation of cookies at their discretion through the settings of their browser or using other (free) solutions. During your first visit to the Website, we will display information about the use of cookies. If you do not change your browser settings, you will consent to their use. More information on how to change cookie settings can be found on the website of your internet browser.

We inform you that disabling or limiting the use of cookies may cause difficulties in using the website, e.g., it may cause a longer loading time of the page or limitations in using functionalities or liking the page on Facebook.

HOW DO WE PROTECT YOUR DATA?

In order to ensure a high and consistent level of protection, we apply security measures appropriate to processing for the IT environment, as well as technical and organizational measures, among which are:

  1. TLS protocol encryption,
  2. creating security copies,
  3. equipping data centers with data protection mechanisms,
  4. monitoring the security of personal data,
  5. minimizing the risk of potential abuses and quickly responding in case of their occurrence,
  6. implementing a data protection policy,
  7. ensuring continuous confidentiality, integrity, availability, and resilience of processing systems and services,
  8. enabling access to personal data only to authorized persons,
  9. creating and regularly changing access passwords to systems in which personal data are processed.

WHAT RIGHTS DO PERSONS WHOSE DATA WE PROCESS HAVE?

Persons whose data we process have the right to:

  1. access their personal data;
  2. rectify personal data;
  3. erase personal data;
  4. restrict the processing of personal data;
  5. object to the processing of personal data;
  6. data portability;
  7. withdraw consent to data processing (if consent is the basis for processing).

The rights listed above are not absolute and in some situations, after analysis, we may legally refuse to fulfill them.

We also inform that the withdrawal of consent for data processing will not affect the legality of processing that took place on the basis of the consent granted before its withdrawal.

If you submit a request to exercise any of the above rights, we will respond to it promptly, however, not later than within a month from the date of receipt. If, due to the complex nature of the request or the number of requests, we will not be able to fulfill your request within a month, we will fulfill it within the next two months. However, we will first inform you about the intended extension of the deadline.

HOW CAN ONE COMPLAIN ABOUT IRREGULARITIES IN THE PROCESSING OF PERSONAL DATA?

If you believe that your personal data is being processed by us contrary to applicable law, you can lodge a complaint with the President of the Office for Personal Data Protection.

DOES USING THE WEBSITE INVOLVE SENDING LOGS TO THE SERVER?

Using the Website involves sending queries to the server on which the site is stored. Each query directed to the server is recorded in server logs and stored on the server. The logs include, among others, IP address, server date and time, information about the internet browser and operating system.

The data saved in server logs are not associated with specific persons using the site and are not used by us to identify you.

Server logs serve only as auxiliary material for site administration, and their content is not disclosed to anyone except persons authorized to administer the server.

CAN WE CHANGE OUR PRIVACY POLICY?

Yes. The protection of personal data is a process that we adapt to current needs and changing technology. Therefore, our Privacy Policy may be supplemented or changed, which we will inform you about by posting information on the Website, and in the case of significant changes, we will send separate electronic notifications to registered service recipients.