Privacy policy
In this document, you will find terms and conditions of processing personal data and the use of cookies in connection with the use of gritstep.com and crowdpub.org.
The administrator of the website is Gritstep Konrad Kokosa with its registered office in Warsaw, at ul. Sanocka 4/59, 02-110 Warsaw, NIP [tax id]: 5272303869, REGON: 367819402.
If you have any doubt in connection with the privacy policy, you can contact us at any time by sending an email to kkokosa@gritstep.com.
SHORT VERSION – KEY INFORMATION
We care about both your privacy and your time. Therefore, we have prepared for you a short version of the key information related to privacy protection.
By visiting our website, choosing to use the Gritstep or CrowdPub system, subscribing to our newsletter, or contacting us by phone or email, you provide us with your personal data. We guarantee that it will remain confidential, secure and not be shared with any third party without your express consent.
We have entrusted the processing of personal data only to well-tried and trusted providers of personal data processing services. We use Google Analytics analytical tools to collect information about your visits to the website, such as the subpages you have viewed, the time you have spent on the website, and subpages transitions. To this end, Google Analytics cookies from Google LLC are used. As part of the cookie settings mechanism, you have the opportunity to decide whether or not we will also be allowed to use the marketing functions of Google Analytics.
We use marketing tools such as Facebook Pixel to target ads to you, which involves using cookies from Facebook. Using the cookie settings, you can decide whether or not you agree to our use of the Facebook Pixel in your case. If the above information is not sufficient for you, please find further details below.
PERSONAL DATA
The controller of your personal data within the meaning of the provisions on personal data protection is Gritstep Konrad Kokosa with its registered office in Warsaw, at ul. Sanocka 4/59, 02-110 Warsaw, NIP [tax id]: 5272303869, REGON: 367819402.
Purposes, legal basis, and period of personal data processing
- performance of the service contract (registration and maintenance of the customer account, placing orders for paid and free of charge services, the performance of the contract):
- the legal basis is that the processing is necessary for the performance of a contract or to take steps at the request of the data subject before entering into a contract (Article 6(1)(b) of the GDPR),
- the data are to be processed until the end of performing of the service (deletion of the customer account, termination of the services contract);
- complying with the tax obligations (issuing invoices, keeping accounting records):
- the legal basis is compliance with a legal obligation to which we are subject (Article 6(1)(c) of the GDPR),
- the data will be processed until the expiry of the limitation periods for tax obligations;
- establishment, exercise and defence of legal claims:
- the legal basis is our legitimate interest (Article 6(1)(f) of the GDPR) in taking actions aimed at protecting our rights in proceedings before courts and other state authorities,
- the data will be processed until the expiry of the limitation periods for claims under applicable law;
- providing proper functioning of the Website and analysis of the Website users activities:
- the legal basis is our legitimate interest (Article 6(1)(f) of the GDPR) in conducting analysis and statistics on the use of particular functionalities of the Website (e.g., Google Analytics cookies, Facebook Pixel),
- the data will be processed until an effective objection is raised or the purpose of the processing is achieved;
- maintaining fan pages and groups on Facebook, YouTube channel, Instagram account and interacting with users of the above mentioned social media:
- the legal basis is our legitimate interest (Article 6(1)(f) of the GDPR), which we have in promoting the Website and adapting its functionalities to current needs,
- the data will be processed until the expiry of the limitation periods for claims under applicable law;
- responding to questions made to us by phone or email:
- the legal basis is our legitimate interest (Article 6(1)(f) of the GDPR), which we have in communicating with our customers and answering potential questions from our customers or other people interested in our products and services,
- the data will be processed until the expiry of the limitation periods for claims under applicable law;
- marketing (promotion of our products and services):
- the legal basis is our legitimate interest (Article 6(1)(f) of the GDPR) in maintaining business relationships with the customers and surveying their satisfaction, looking after our own interests and image, or respectively the contract for the newsletter service (Article 6(1)(b) of the GDPR),
- marketing (promotion of the products and services of entities cooperating with us):
- the data will be processed until an effective objection is raised or the purpose of the processing is achieved, and where the basis for processing is consent – until the consent is withdrawn (whereby withdrawal of the consent does not affect the lawfulness of data processing before its withdrawal).
- We process your personal data as long as it is necessary to achieve the purposes mentioned above unless you make a valid and proper request to delete your personal data. In addition, the data processing period may depend on the legal provisions applicable to us, e.g. in the case of the storage of financial documents or the time limits for pursuing the claims.
Data subjects’ rights
The GDPR grants you the following potential rights concerning the processing of your personal data:
- the right of access to personal data,
- the right to rectification of personal data,
- the right to the erasure of personal data,
- the right to restriction of processing of personal data,
- the right to objection to the processing of personal data,
- the right to transfer the personal data,
- the right to file a complaint to a supervisory authority (President of the Personal Data Protection Office),
- the right to withdraw the consent to the processing of the personal data, where you have given your consent.
- The terms of exercising the above rights are described in detail in Articles 16 – 21 of the GDPR. We encourage you to familiarise yourself with the provisions thereof. The rights indicated above are not absolute and, under the applicable law, you will not enjoy them in relation to all activities involving the processing of your personal data.
If you request us to exercise any of the above rights, we will respond to your request immediately, but no later than within one month of its receipt. If we cannot satisfy your demand within one month due to the complexity of the request or the number of requests, we will comply with it within a further two months. However, we will inform you in advance of the intended extension of the deadline.
Please also be informed that the withdrawal of your consent to data processing will not affect the lawfulness of data processing that took place under the consent given before its withdrawal.
Security
We guarantee you the confidentiality of all personal data provided. We ensure the implementation of all security and data protection measures required by data protection legislation. Personal data are collected with due care and suitably protected against access by unauthorised third parties.
Your data recipients
Your personal data recipients may be:
- entities involved in the performance of our contracts, e.g., accounting office, IT services providers, hosting services providers, payment systems providers,
- entities providing us with the support and the services under separate agreements, within the scope of our business activity, e.g. website activity and direct marketing tools suppliers, suppliers of tools for creating landing pages and collecting leads, office systems suppliers, project management software suppliers, communication software suppliers,
- authorised state authorities under applicable laws,
- other entities whose request for data transfer is justified under the applicable laws.
All entities we entrust the processing of personal data ensure the application of suitable measures for the protection and security of personal data required by the provisions of law.
Transfer of personal data to third countries
Generally, we do not transfer personal data to countries outside the European Economic Area (EEA). However, if such a need arises in connection with the provision of the services, we will assess the circumstances and ensure the appropriate level of data protection so that the processing takes place in line with the applicable legal regulations.
Operating the website, we use services and technologies offered by the entities such as Facebook, Microsoft, Google, which are based in the United States and may partially process personal data using servers located outside the European Economic Area (EEA). Under the provisions of the GDPR, these are so-called entities based in third countries, in respect of which the compliance with the adequate level of protection or a note of the existence of appropriate safeguards shall be demonstrated.
We ensure that the entities mentioned above apply the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard data protection clauses adopted by the European Commission (Article 46(2)(c) of the GDPR). For more information on the data processing by the above entities, please visit the websites of these services providers.
Profiling
As part of the Website and the technologies used, we may profile your data. Profiling involves using the user’s data (i.e. gender, age, hobbies, approximate location, website behaviours) to assess his/her activity and potential demand for the services.
The profiling enables to personalise offers and advertisements addressed to the users; however, it does not affect the terms and conditions of concluded service contracts. The information processed is anonymous and is not associated with the user ordering the services. Thus, we do not make any automated decisions that could produce legal effects on individuals or affect them in a similarly significant way.
Gritstep Konrad Kokosa a procesor
Providing services under Gritstep Konrad Kokosa Terms of Service, we also act as a processor, processing personal data of our customers’ clients (Creators). These data are collected and recorded in the Gritstep and CrowdPub system in connection with the provision of separate services by our customers (Creators).
As a processor, we process data only upon a documented instruction of the controller of such data (under a data entrustment agreement), committing ourselves to secure them properly by applying appropriate technical and organisational measures and ensuring an adequate level of security corresponding to the risks involved in the processing of personal data (according to the Article 32 of the GDPR). We also ensure that persons authorised by us to the processing have undertaken to keep them confidential.
Cookies and other tracking technologies
Like almost all other websites, our website uses cookies to give you the best browsing experience. Cookies are small text files stored on your device (e.g. computer, tablet, smartphone) that our IT system can read. For more details, please see below.
Consent to the use of cookies.
During your first visit to the website, you will be noticed of the use of cookies and asked whether or not you agree to the use of the cookies. A unique tool allows you to manage cookies from the website. Furthermore, you can always change the settings of your browser’s cookies or clear your cookies. Please note, however, that disabling the cookies may cause difficulties in using the website and many other websites using cookies.
Third party cookies.
Like most modern websites, our website uses features provided by third parties, which involves using cookies from third parties. The use of this type of cookies is described below.
Analysis and statistics.
We use cookies to track website statistics such as the number of visitors, type of operating system and browser used to browse, time spent on the website, subpages visited, etc. To this end, we use Google Analytics, which involves using cookies from Google LLC. As part of the cookie settings management mechanism, you may decide whether or not we will be able to use marketing functions within the Google Analytics service.
Marketing.
We use marketing tools such as Facebook Pixel to target ads to you, using cookies from Facebook. Under the cookie settings, you can decide whether or not, in your case, you agree to our use of the Facebook Pixel.
Server logs
Using the website involves sending queries to the server that hosts the website. Each query sent to the server is recorded in server logs and stored. The logs include, among the others, your IP address, date and time of the server, the information on the Internet browser and operating system you use. The logs are recorded and stored on the server.
The data stored in the server logs are not associated with specific website users and are not used to identify you. The server logs constitute solely auxiliary material used to manage the website, and their content is not disclosed to anyone except persons authorised to manage the server.
Amendments to the Privacy Policy
Our Privacy Policy may be supplemented or amended, as we will inform you of this by a post on the website. In the event of material changes, the customers having accounts at CrowdPub or subscribed to the newsletter will be sent separate email notices.