PRIVACY POLICY

The Policy is for information purposes and serves satisfaction of information obligations imposed on the data controller under the GDPR, i.e. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Anyone who uses the website available at www.blazity.com (“Website”) joining to newsletter (“Newsletter”) should become acquainted with the Privacy Policy. The Privacy Policy determines the rules for processing personal data of persons using the Website and using Cookie files and other tracking technologies used in connection with operation of the Website and on landing page available at www.blazity.com/newsletter.

Personal data controller

  1. The controller of users’ personal data is Blazity sp. z o.o. with its registered office in Warsaw (00-535), ul. Trzech Krzyży 10/14, entered in the register of entrepreneurs of the National Court Register (KRS) under number KRS: 0000743458, Tax Identification Number NIP: 9512467349, National Business Registry Number REGON: 38093625300000, share capital in the amount of PLN 5,000.00 (“Blazity”).
  2. Each data subject may contact Blazity as the personal data controller by sending a message to the e-mail address: contact@blazity.com.

Data processing method

  1. The purpose and scope of processed personal data are determined by the scope of consents and data provided by the data subject in the contact form or otherwise. The processing of personal data by Blazity may concern in particular: first and last name, e-mail address, social media identifiers, phone number, work place, IP address, as well as any other data voluntarily provided by the data subject, in particular by means of the contact form.
  2. Providing personal data is voluntary, but failure to provide the personal data marked in forms as obligatory will prevent sending mails through the Website or phone contact on the part of Blazity. Due to the nature of actions taken up by Blazity, they cannot be provided anonymously.
  3. Providing data is necessary to conclude an agreement to receive the Newsletter. If User doesn’t provide personal data, User will not receive the newsletter.
  4. Personal data of users will be processed for the following purposes:

Purpose

Scope of data

Legal ground

Processing period

phone calls (after the data subject uses the contact form)

phone number, e-mail address, first name, other personal data voluntarily provided by the data subject

Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects

until a call ends or the data subject objects

correspondence in electronic form (after the data subject uses the contact form)

e-mail address, first and last name, organisation name, other personal data voluntarily provided by the data subject

Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in responding to queries and correspondence provided directly by data subjects

until correspondence ends or the data subject objects

providing access to the website

IP address

Article 6.1(b) of the GDPR – statutory authorisation to process data necessary to perform an agreement 

until lapse of the period of limitation of claims connected with access to the website

marketing activities (after the data subject uses the contact form)

e-mail address

Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in informing about its activity

until data cease to be useful or the data subject objects

providing Newsletter

e-mail address, position

Article 6.1(b) of the GDPR – statutory authorisation to process data necessary to perform an agreement

throughout the duration of the agreement

analysing traffic on the website

IP address, Cookie files of the following type:

- _utma;

- _utmb; - _utmc; - _utmz;

- PHPSESSID

Article 6(1)(a) of the GDPR – consent given by the data subject

until data cease to be useful or the data subject withdraws the consent

protection against claims, raising claims

e-mail address, first and last name, other data voluntarily provided by the data subject in the course of co-operation

Article 6(1)(f) of the GDPR – legitimate interest of the controller which consists in protecting against claims and raising claims

until lapse of the period of limitation applicable to claims connected with access to the Website and users actions within the website, calculated from the time of the user’s last visit on the website

  1. If Blazity is advised that the person uses the services provided by Blazity or the Website functionalities in violation of applicable legal provisions, then Blazity may process user’s personal data in a scope required for establishing his/her liability.
  2. Blazity will not make automated decisions against data subjects. Blazity will carry out profiling of data subjects in a scope necessary to present them personalised content of marketing nature adjusted to needs, preferences and conduct of particular Users

Transfer of personal data

  1. Blazity transfers data outside the European Economic Area (“EEA”) only when it is necessary for the performance of services. Should it become necessary, Blazity will immediately inform each data subject.
  2. Transferring users’ personal data to third parties will be governed by model contractual clauses, where both Blazity and its counterparties undertake to ensure appropriate level of security of users’ personal data. Prior to signing model contractual clauses, Blazity verifies each of its counterparties which would have access to users’ personal data and assesses whether the country to which users’ personal data would be transferred enables enforcement of rights and provides the users with effective legal remedies.
  3. If the European Commission issues a decision in which it determines whether the relevant third country ensures the appropriate level of protection of personal data, then transferring users’ personal data to such country may also proceed on the basis of such decision.
  4. Newsletter

    1. Blazity transfers personal data outside the EEA for the purpose of delivering the Newsletter to the Rocket Science Group LLC with its registered office in Atlanta, USA – the provider of the tool for sending e-mail message (Mailchimp), based on model contractual clauses.
    2. The provider of Mailchimp declares that it complies with the conditions for compliance of data processing with the GDPR. For more information https://mailchimp.com/gdpr/.
    3. The United States is not part of the European Economic Area, and therefore the provisions of the General Data Protection Regulation (GDPR) do not apply to its territory. Nor has the United States been subject to a decision by the European Commission finding an adequate level of protection for personal data. This may result in increased risks in connection with the processing of User’s personal data by these entities, particularly due to the lack of a supervisory authority in the United States. You may file any complaints related to compliance with data protection regulations with the national supervisory authority for Blazity, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, Poland.
    4. The transfer of User’s personal data to recipients in the United States is based on standard data protection clauses (model contractual clauses), which have been approved and adopted by the European Commission. Users may obtain a copy of the standard contractual clauses at address: https://mailchimp.com/legal/data-processing-addendum/.


Recipients of data

  1. Blazity may transfer users’ personal data to third parties for the purpose of performance of the activities stated in the Terms of Service. The recipients of User’s data are: hosting provider, e-mail operator, software development company, provider of the CRM software, provider of the service connected with sending e-mails, accounting firm, law firm, entities providing cloud and other solutions used by Blazity in its current operations which involve personal data processing.
  2. Personal data collected by Blazity may also be disclosed to competent state bodies or institutions (law enforcement authorities, courts, security service) authorised to gain access to them on the basis of the respective generally applicable legal provisions, or other persons and entities – in the cases prescribed by the generally applicable legal provisions.
  3. Each entity to which Blazity transfers personal data for processing on the basis of a personal data transfer agreement (“Data Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. An entity processing personal data on the basis of the Transfer Agreement may process personal data through another entity only upon prior written consent of Blazity.
  4. Disclosure of Users’ personal data to unauthorised entities under the Privacy Policy may take place only upon prior written consent of the data subject.

Rights of data subjects

  1. Each data subject has the right to: (a) delete the collected personal data referring to him/her both from the system belonging to Blazity as well as from bases of entities which have co-operated with Blazity, (b) restrict the processing of data, (c) portability of the personal data collected by Blazity and referring to the relevant person, in this to receive them in a structured form, (d) request Blazity to enable him/her access to his/her personal data and to rectify them, (e) object to personal data processing, (f) withdraw the consent towards Blazity at any time without affecting the legality of the personal data processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about Blazity to the supervisory authority (President of the Personal Data Protection Office).
  2. Users have the right to object at any time to the processing of your personal data on grounds relating to User’s particular situation in cases where the legal basis for the processing is the legitimate interest of the Blazity. If Blazity concludes that there are compelling legitimate grounds for processing overriding User’s interests, rights and freedoms, or grounds for establishing, asserting or defending claims, Blazity will continue to process your objected data.
  3. If personal data is processed for direct marketing purposes, the data subject has the right to object at any time.

Other data

  1. Blazity may store http enquiries, therefore the files containing web server logs may store certain data related to users, including the IP address of the computer sending the enquiry, the name of user’s station – identification through http protocol, date and system time of registration on the website and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the user before (if the user has entered the website through a link), information concerning user’s browser, information concerning errors occurred by realization of the http transaction. Web server logs may be collected for the purposes of proper administration by Blazity. Only persons authorised to administer the IT system have access to the data referred to above. Files containing web server logs may be analysed for the purposes of preparing statistics concerning traffic on the website and occurring errors. Summary of such details does not identify the user.
  2. Blazity may use analytics and marketing tools, in particular ActiveCampaign, Hotjar, Google Analytics and Facebook Pixel, Google Tag Manager, as part of which it has access to anonymised information on users, including: information on the operating system and Internet browser used by the user, time spent on the website, user’s age range, gender, approximate location, interests determined on the basis of his/her activity in the Internet. The details referred to in the preceding sentence are not combined with users’ personal data and do not enable their identification and are not personal data within the meaning of the GDPR.

Security

  1. Blazity takes care of security of users’ personal data. For this purpose Blazity has implemented appropriate safeguards and means of protection of personal data taking into account risks connected with the process of personal data processing. In particular, Blazity applies technological and organisational means in order to secure personal data against being disclosed to unauthorised persons, taken over by an unauthorised person, changed, lost, damaged or destroyed, as well as processed in violation of the GDPR by using, among other things, SSL certificates. The compilation of personal data collected by Blazity is stored on secured servers, moreover, personal data are also secured by internal procedures of Blazity related to the processing of personal data and information security policy.
  2. Irrespective of the foregoing, Blazity states that using the Internet and services provided by electronic means may pose a threat of malware breaking into the teleinformatic system and device of the relevant person, as well as a third party gaining access to data, including personal data. In order to minimise such threats, each person should use appropriate technical safeguards (antivirus programs) or programs securing identification in the Internet.

Cookies

  1. For the purposes of the correct operation of the website, Blazity uses a cookie support technology. Cookies are packages of information stored on the device of a relevant user through Blazity, usually containing information corresponding to the intended use of a particular file, by means of which the user uses the Blazity website – these are usually: website address, date of publishing, lifetime of a cookie, unique number, and additional information corresponding to the intended use of a particular file.
  2. Blazity uses two types of Cookies: (a) session cookies, which are permanently deleted upon closing the session of the user's browser; (b) permanent cookies, which remain on the user's device after closing the session until they are deleted.
  3. Cookie files used by Blazity are related to the supplier of the solutions referred to in clause 6.2. of this Privacy Policy.
  4. It is not possible to identify the user on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collection of any personal data.
  5. Cookies used by Blazity are safe for the user's device, in particular they prevent viruses or other software from breaking into the device.
  6. Files generated directly by Blazity may not be read by other websites. Third-Party Cookies (i.e. Cookies provided by entities co-operating with Blazity) may be read by an external server.
  7. The user may individually change the cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service.
  8. First of all, the user may disable storing cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Blazity website.
  9. The user may also individually remove Cookies stored on his/her device at any time in accordance with the instructions of the browser producer.
  10. Blazity uses own Cookies for the following purposes: configuration of the website and adjustment of the page content to the preferences or conduct of the user; analysis and research of views, click number and path taken on the website to improve the appearance and organisation of content on the website, time spent and number and frequency of visits on the Blazity’s website, as well as determination of Website user’s needs.
  11. Details concerning Cookie support are available in the settings of the browser used by the data subject.

Final provisions

  1. The Privacy Policy comes into force on March 16, 2023