Privacy Policy

version effective as of 17.10.2023 r.

All capitalised terms used in this document (“Privacy Policy”) shall have the meaning given to them in the Terms and Conditions, unless otherwise indicated. This Privacy Policy describes the principles of processing Customers’ and Representatives’ personal data in connection with placing Orders on the Website and in connection with providing Services to the Customers, as well as processing personal data in other cases. The Privacy Policy also contains information on cookies used on the Website.

WHO IS THE CONTROLLER OF YOUR DATA??

The controller, i.e. the entity which determines the purposes and means of processing your personal data, is Itro sp. z o.o. (limited liability company) with its registered office in Białystok, Poland, Wschodnia 46, 15-158 Białystok, entered in the National Court Register kept by the District Court in Białystok, 12th Commercial Division of the National Court Register, under KRS number: 0000387148, holding NIP (tax identification) number: 7831672763 and REGON number: 301751271, with the share capital of 5 000 PLN fully paid up (the “Controller”, “we, “us, “our”) .

Your personal data is processed by the Controller in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

HOW CAN YOU CONTACT THE CONTROLLER??

You can contact us::

• in writing to the address: Wschodnia 46, 15-158 Białystok, Polska
• or electronically by writing to the e-mail address:[rodo@itro.pl]

FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA?

Processing personal data in connection with the conclusion and performance of Sales Agreements

In connection with placing Orders via the Website by Customers being natural persons, we process personal data for the following purposes and on the following legal grounds:

1. in order to conclude and perform Sales Agreement – on the basis of Article 6(1)(b) of the GDPR (data processing is necessary for the conclusion and performance of the Sales Agreement);
2. for the purpose of verifying the Customer’s status (in terms of whether he/she is an entrepreneur) and the possibility of concluding Sales Agreement in accordance with the Terms and Conditions, which constitutes our legitimate interest in accordance with Article 6(1)(f) of the GDPR;
3. for the purpose of processing of potential complaints, which constitutes our legitimate interest in accordance with Article 6(1)(f) of the GDPR;
4. in order to fulfil our legal obligations in the field of tax and accounting, in particular: issue invoices or other accounting evidence, keep accounts, settle taxes, archive data for accounting purposes – on the basis of Article 6(1)(c) of the GDPR in relation to the provisions of tax and accounting law;
5. in order to establish, assert and defend claims, which constitutes our legitimate interest pursuant to Article 6(1)(f) of the GDPR.

In the case of Customers other than natural persons we process personal data of Representatives for the following purposes and on the following legal grounds:

1. for the purpose of concluding Sales Agreement between a Customer and us and its performance, and in particular to verify Representative’s authorization to enter into the Sales Agreement on behalf of the Customer and to contact the Representative as the contact person in connection with the performance of the Sales Agreement – on the basis of Article 6(1)(f) GDPR, i.e. on the basis of our legitimate interest, which is to enable the performance of the Sales Agreement and to enable the verification of Representative’s authorization to enter into the Sales Agreement on behalf of the Customer;
2. for the purpose of processing of potential complaints, which constitutes our legitimate interest in accordance with Article 6(1)(f) of the GDPR;
3. in order to fulfil our legal obligations in the field of tax and accounting, in particular: issue invoices or other accounting evidence, keep accounts, settle taxes, archive data for accounting purposes – on the basis of Article 6(1)(c) of the GDPR in relation to the provisions of tax and accounting law;
4. in order to establish, assert and defend claims, which constitutes our legitimate interest of pursuant to Article 6(1)(f) of the GDPR.

The provision of personal data to the extent necessary for the fulfilment of legal obligations is mandatory and results from tax and accounting regulations. Providing personal data for the purpose of concluding Sales Agreement is voluntary, but necessary for concluding this Sales Agreement and its performance.

Personal data is stored for the period of execution of the Sales Agreement and then until the statutory obligation to store data ceases (5 years from the end of the fiscal year) and until the expiry of the period of limitation of claims.

Processing of Customers’ personal data in connection with the provision of Services

In the case of the conclusion of Services Agreement between the Controller and the Customer for the electronic provision of Services, personal data is processed for the following purposes and on the following legal bases:

1. in order to carry out the Services – on the basis of Article 6(1)(b) of the GDPR (data processing is necessary for the performance of the contract for the provision of services by electronic means);
2. for the purpose of handling of possible complaints, which is the Controller’s legitimate interest under Article 6(1)(f) GDPR;
3. in order to establish, assert and defend claims, which constitutes our legitimate interest of pursuant to Article 6(1)(f) of the GDPR.

Providing personal data in order to perform the above Services is voluntary, but necessary for their provision. Personal data is kept for the duration of the relevant Service. The Customer may opt out of the above Services at any time.

Data processing in connection with sending a free sample report

If you provide personal data (an email address) in the dedicated form, your personal data is processed for the purpose of sending a one-time, free sample report by Itro. The basis of the data processing is your consent (Article 6(1)(a) of the GDPR).

Provision of personal data is voluntary, but necessary for the above purpose.

Personal data is transferred for the purpose of transmitting the duration of the report or until the consent is withdrawn (whichever comes first)..

Data processing in connection with e-mail or written contact

When you contact us by email or post, we receive your personal data directly from you. The Controller processes it in order to respond to your request, which is our legitimate interest under Article 6(1)(f) of the GDPR.

You provide your personal data voluntarily in this case, but without it we will not be able to respond to your enquiry.

We will process your personal data provided to us in connection with your enquiry for the period necessary to respond or until you lodge an effective objection to the processing of your personal data.

Processing of personal data in social media

The Controller maintains its profile in the following social media:

Facebook: [https://www.facebook.com/itroexportsolutions/].

LinkedIn: [https://www.linkedin.com/company/itroexportsolutions/]

YouTube: [https://www.youtube.com/channel/UCqQMkKmZJ2gZS2gLBR8I_UA]

Twitter: [https://twitter.com/itro_consulting]

In connection with the operation of the above profiles, we acquire your personal data in connection with your subscription to our page (clicking the “Like” or “Watch” icon etc.), your publication of a comments under any of our posts on our profile in the social media, as well as in connection with sending a message via functionality of a given social network. The Controller processes your personal data in particular as follows:

1. your user ID / your identification data and other information to the extent published by you on your own profile in a given social network;
2. your profile picture;
3. the content of the comments and the content of the conversation you have with us through the functionality of a given social network;
4. statistical data on visits to our profiles.

The Controller processes your personal data for the following purposes and on the following legal grounds:

1. to maintain a profile, under the terms and conditions set by the social network’s operator, and to inform you through it about our activities and products, as well as to build and maintain community and to communicate through the available functionalities of a given social network (comments, messages etc.), which constitutes our legitimate interest in accordance with Article 6(1)(f) of the GDPR;
2. w to conduct analyses of the functioning, popularity, use of our profile, which is our legitimate interest in accordance with Article 6(1)(f) of the GDPR.

When using the statistics function on Facebook, the Controller and Meta Platforms Ireland Ltd act as joint controllers of the data processed for statistics purposes. The arrangements between the joint controllers, which define the responsibilities for the processing of personal data, can be found here:

https://www.facebook.com/legal/terms/page_controller_addendum

According to them, Meta Platforms Ireland Ltd has assumed primary responsibility under the GDPR for processing data for statistics purposes and for complying with all relevant obligations under the GDPR.

Tracking of web activity can take place regardless of whether you are logged in or registered with the social network.

You can find detailed information on activity tracking in the privacy policy of a given social network. As for the statistics we receive from the operator, we have a limited influence on them and can only prevent their transmission to a limited extent. If you are a logged in/registered user a given social network, please verify your privacy settings to correspond to your preferences.

The provision of personal data is voluntary.

Information that is contained in private messages sent to the Controller via the functionalities of a given social network will be stored until the fulfilment of our legitimate interest, or until you object to the processing on grounds of your particular situation or until you delete your user profile, whichever comes first.

In the case of information held by us as part of comments shared by you, it will be available on our profile until you delete it.

Personal data collected by a given social network operator, i.e. history of posts, history of activity and sent messages, are subject to storage according to the terms and conditions of a given platform.

Statistical data regarding visitors to our profiles will be processed for the time that the data is available on each platform in accordance with its terms and conditions.

For more information about the processing of your personal data by the operator of the respective web portal, please follow the links below:

LinkedIn – https://pl.linkedin.com/legal/privacy-policy

Facebook – https://pl-pl.facebook.com/privacy/explanation/   

YouTube – https://www.youtube.com/intl/ALL_pl/howyoutubeworks/user-settings/privacy/

Twitter – https://twitter.com/en/privacy.

Processing personal data in connection with the use of cookies

By using cookies (as detailed below), we may process your personal data for analytical, statistical and marketing purposes, depending on which cookies you have consented to (pursuant to Article 6(1)(a) of the GDPR).

The data is stored until you withdraw your consent.

Processing of data in connection with sending requests concerning the exercise of rights under the GDPR

You have certain rights in relation to our processing of your personal data (see below in Privacy Policy), and you may address correspondence to us regarding the exercise of these rights. In connection with such correspondence, the Controller processes your identification data, contact data, and other data provided by you or any other person who sends a request on your behalf to exercise your rights under the GDPR. Where the application is not sent directly by you, but by a proxy or legal representative, we process in addition data concerning that proxy or representative, i.e. their identification data, contact data and data concerning the type of empowerment.

The Controller processes applicants’ personal data for the following purposes and on the following legal grounds:

1. w  contacting you regarding your request for the exercise of rights under the GDPR – on the basis of Article 6(1)(c) of the GDPR, as the processing of personal data is necessary for the fulfilment of our legal obligation under Article 12(1)-(3) of the GDPR;
2. archiving correspondence carried out on the handling of your request for the exercise of rights under the GDPR, for the purpose of proof and demonstrating that we have responded to your request in a timely manner, which is our legitimate interest under Article 6(1)(f) of the GDPR.

The provision of personal data is necessary in order to fulfil the request made by you.

The personal data is processed for the duration of the correspondence and will then be archived for evidence purposes until the expiry of the period of limitation of claims.

RECIPIENTS OF PERSONAL DATA

Your personal data may be disclosed by the Controller to other entities:

1. its contractors, in particular entities providing accounting, marketing and IT services, web hosting providers (these are entities processing personal data on behalf of the Controller, with whom we have concluded agreements on entrusting processing of personal data);
2. banks or institutions intermediating in making payments for the ordered Products;
3. couriers, post offices;
4. entities authorised by law,
5. if you publish content in connection with our social media profile, your personal data is also visible to visitors to this profile and its operator.

AUTOMATED DECISION-MAKING

The Controller does not make decisions about you based solely on automated processing, including profiling.

TRANSFER OF DATA OUTSIDE THE EEA

In connection with the maintenance of the social media profiles, your personal data may be transferred to the USA or another country outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, social network operator is required to apply appropriate safeguards, in particular EU Standard Contractual Clauses. In such case, you may request a copy of these relevant safeguards. You can find more detailed information in the privacy policy of a given social network.

YOUR RIGHTS

You have the following rights in relation to the Controller’s processing of your personal data:

1. access to your personal data (Article 15 GDPR), including obtaining a copy of your data (Article 15(3) GDPR),
2. to rectify (amend) or complete incomplete personal data (Article 16 GDPR),
3. to request the erasure of personal data in cases provided for by law (Article 17 GDPR),
4. to request the restriction of the processing of personal data (Article 18 GDPR),
5. to receive your data in a structured commonly used format and to have it transferred where the processing is based on your consent or contract by automated means (Article 20 GDPR),
6. to object to the processing of your personal data where the processing is carried out for our legitimate interest, on grounds related to your particular situation (Article 21 GDPR),
7. to withdraw the consents granted at any time, without affecting the lawfulness of the processing that took place on the basis of the consents before their withdrawal.

You can exercise the above rights by contacting us as indicated in section How can you contact the controller?

In addition, if you consider that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint to the competent supervisory authority.

COOKIES

Depending on your settings, in addition to technically necessary cookies, we may use cookies for statistical, analytical or marketing purposes. Cookies are small text files containing information about your activity on the Website and storing it on the device from which you access the Website.

In accordance with applicable law, we may store cookies on your device if this is necessary for the functioning of the Website (these cookies are described below as necessary). For the use of any other types of cookies (in particular analytical or advertising cookies) the Controller needs your permission (opt-in).

Strictly necessary cookies on the Website do NOT legally require your prior consent. They are automatically installed on your device when you access the Website or make specific choices on the Website. They are necessary for the proper functioning of the Website, including to perform certain tasks such as, for example, performing the Services you have requested through the Website. These cookies are not deleted once you have finished browsing the Website, but have a limited validity period.

If you agree to this when you first visit the Website, or later by invoking the cookie settings panel, we will also use analytical, statistical or marketing cookies.

At any time you can change your cookie settings by invoking the cookie settings panel available at the bottom of the Website under “Change cookie settings” button.

CHANGES TO THE PRIVACY POLICY

This Privacy Policy may be updated in the event of a change in legislation that affects the processing of your personal data, as well as if the Controller introduces changes in processing your personal data.