Privacy Policy

Privacy Policy

Introduction

At DeSmart sp. z o.o. with its seat in Gdynia (81-374), ul. Sienkiewicza 44/1, Poland, NIP number: 5862319297, REGON number: 367498116 (hereinafter “DeSmart” or “we”) we are committed to protecting and respecting your personal data. We strive to ensure that your personal data is processed by the requirements of Polish and European Union law regarding the principles of data processing and security, especially in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (hereinafter “GDPR”).

This document explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others, and your choices. This Privacy Policy applies to the processing of Personal Data as part of the sale of our products, the use of our services, websites, (online) sales promotions, marketing campaigns, sponsored social platforms, etc. that are provided or operated by us or on our behalf. This document also applies to job seekers at DeSmart.

Who are we?

DeSmart is an application development and design firm specializing in different technologies and offering clients software design and development services. 

Who is the Controller of your data and what does it mean?

The controller of your data is DeSmart (DeSmart sp.z o.o.with its seat in Gdynia (81-374), ul. Sienkiewicza 44/1, Poland, entered into the Register of Entrepreneurs kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number 0000681984, NIP: 5862319297, REGON: 367498116, share capital: PLN 20,000.00).

This means that DeSmart decides about the purposes and methods of processing your data, i.e. what and how they will be used.

How to contact us?

For any questions or requests or complaints concerning the application of this Policy or to exercise your rights, as described in this Policy, you may contact us by:

or

  • by letter to the address: DeSmart sp. z o.o., ul. Sienkiewicza 44/1, 81-374 Gdynia, Poland

When do we collect your data?

DeSmart obtains your data when:

  • you interact with us in person – through correspondence, by phone, by social media, or through our desmart.com (the “Site”);
  • you are using our services and products;
  • we receive your data from other legal sources, from our marketing partners, service providers, data brokers, public sources, or social networks. We only use this data if you have given your consent to share your data with others;
  • it is considered a legitimate interest of DeSmart and if this interest does not override your privacy interests. We make sure that an assessment is made based on an established mutual interest between you and DeSmart.

Moreover, when visiting the Site, data about the visit itself is automatically collected, e.g. user’s an IP address, domain name, browser type, operating system type, etc. (login data). Data collected automatically can be used to analyze user behavior on the Site, collect demographic data about users, or personalize the content of the Site to improve it. However, these data are processed only for the purposes of website administration, ensuring efficient hosting service, or directing marketing content and are not associated with the data of individual users. You can read more about cookies later in this policy.

Categories of personal data processed, purposes and grounds for their processing, and the period of processing 

The table below presents the personal data we collect and for what purpose and for what period:

PurposeCategories of Personal DataLegal GroundsProcessing period
Marketing communication (Newsletter)Name and surname, company name, function, address, email address, telephone number, and possibly other data required for marketing purposesYour consent (Article 6 (1) (a) of the GDPR)Until you withdraw your consent (in the absence of any other legal basis for processing). Moreover, for 10 years we will keep evidence of the consent granted for evidence purposes – to prove the facts in the event of any claims related to incorrect processing of personal data.
Entering into contracts and implementation of contractsName and surname, company name, function, address, email address, telephone number, and possibly other data necessary for identificationActivities aimed at concluding a contract and concluded contract (Article 6 (1) (b) of the GDPR)For the period necessary to perform the contract/service or guarantee and to pursue or defend related claims, i.e. for 10 years from the end of the year in which the contract was concluded or until the claims are time-barred
Pursuing claims, undertaking debt collection actionsName and surname, company name, address, email address, telephone number, and possibly other data necessary for identificationOur legitimate interest (Article 6 (1) (f) of the GDPR – evidence purposes)For the period until you submit an objection, subject to the need to process data until the end of the period necessary to establish, assert or defend claims
Administration, maintenance, and development of IT systems and ensuring data securityIP address, domain name, browser type, operating system type, etc. (login details)Our legitimate interest (Article 6 (1) (f) of the GDPR – maintenance and proper use of DeSmart IT systems)For the period until you submit an objection, subject to the need to process data until the end of the period necessary to establish, assert or defend claims
Replies to inquiries/contact requestsName and surname, company name, address, email address, telephone numberProcessing is necessary to perform the contract or take action at the request of the data subject before entering into the contract (Article 6 (1) (b) of the GDPR) Our legitimate interest (Article 6 (1) (f) of the GDPR)For the period necessary to perform the contract/service or guarantee and to pursue or defend related claims, i.e. for 10 years from the end of the year in which the contract was concluded or until the claims are time-barred or until you submit an objection, with subject to the necessity to process data until the end of the period necessary to establish, assert or defend claims
Receiving and considering complaintsName and surname, company name, address, email address, telephone number, and possibly other data necessary for identificationLegal Obligation of DeSmart (Article 6 (1) (c) of the GDPR) Performance of the contract (Article 6 (1) (b) of the GDPR)For the period necessary to perform the contract/service or guarantee and to pursue or defend related claims, i.e. for 10 years from the end of the year in which the contract was concluded or until the claims are time-barred or until you submit an objection, with subject to the necessity to process data until the end of the period necessary to establish, assert or defend claims
Employee recruitmentName and surname, company name, address, email address, telephone number, other personal data in your application, CV, certificates, diplomas, and other documents that you will attach to your applicationYour consent as a candidate (Article 6 (1) (a) of the GDPR) Processing is necessary to perform the contract or take action at the request of the data subject before entering into the contract (Article 6 (1) (b) of the GDPR). Our legitimate interest (Article 6 (1) (f) of the GDPR)For the period necessary to perform the contract/service or guarantee and to pursue or defend related claims, i.e. for 10 years from the end of the year in which the contract was concluded or until the claims are time-barred or until you submit an objection, with subject to the necessity to process data until the end of the period necessary to establish, assert or defend claims
Compliance with legal obligationsName and surname, company name, address, email address, telephone number, purchase historyThe legal obligation of the administrator (Article 6 (1) (c) of the GDPR in connection with the provisions in the field of accounting and tax obligations)For the period until you submit an objection, subject to the need to process data until the end of the period necessary to establish, assert or defend claims

Transfer of Personal Data to Other Parties

The recipients of your data will be our authorized employees and associates. They may also be third parties to which DeSmart will commission their processing in whole or in part. This may include, for example,
e-marketing vendors, hosting, technical support as well as other relevant tasks.

The entities mentioned above will process personal data only for the purposes indicated in the Privacy Policy and are obliged to adapt to its content. They are authorized to process personal data in the same way as DeSmart.

Your data may also be transferred to entities providing selected services to DeSmart (e.g. legal, marketing, accounting, advertising, IT, logistics services – to the extent necessary to provide these services).

In principle, your data is not transferred outside the European Economic Area (EEA), but some of the entities to which we may transfer data are based outside the EEA. We make every effort to ensure that the transfer of data is lawful and that appropriate safeguards are implemented. This includes in particular the use of standard contractual clauses approved by the Commission. You can contact us for a copy of the adopted security measures.

Company profile (fan page) on social media

DeSmart has profiles on social media: 

  • Facebook
  • Instagram
  • YouTube
  • Linked In
  • Google Ads

We publish and share on our profiles content, offers, and recommendations of our services and products. 

Social media controllers record user behavior through cookies and other similar technologies each time they interact with our profiles. Social media controllers have access to general statistics on the interests and demographic data (such as age, gender, region) of users visiting the profile. As part of the use of social media sites, the scope and purposes of data processing on social media sites are determined by the controllers of these sites.

Controllers of social media sites operate the entire IT infrastructure of their services, have their own privacy policies, and maintain their own relationship with you (if you are a registered user of the service of a given social media site). In addition, social media controllers are solely responsible for all issues related to your data on a user profile to which we, as DeSmart, do not have access.

For more information on the processing of your data by specific controllers of social media sites and the possibility of exercising your rights, see their privacy policies.

Please note that when using a specific platform, your data may be processed by its controllers on servers located in third countries, such as in particular the USA or the United Kingdom.

What are your rights concerning the processing of your data by us?

You have the following rights related to the processing of personal data:

  • right to access personal data,
  • right to request the rectification of personal data,
  • right to request the erasure of personal data,
  • right to request the restriction of the processing of personal data,
  • right to object to data processing,
  • right to transfer personal data, i.e. the right to receive your data from the Controller, in a structured, commonly used, machine-readable IT format. Thanks to this, it is possible to send this data to another data controller or request that the Controller send your data to another controller. However, only if such a message is technically possible. You have the right to transfer your data only with regard to the data that we process based on a contract or the basis of consent,
  • right to withdraw consent to data processing, i.e. to the extent that your data is processed based on consent, it is possible to withdraw consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out based on this consent before its withdrawal. The consent may be withdrawn by sending a declaration of withdrawal of consent to the above correspondence address or e-mail address: [email protected],
  • right to complain to the supervisory authority, i.e. you also have the right to complain to the supervisory authority dealing with the protection of personal data, i.e. the President of the Personal Data Protection Office.

Automated decision-making

If you browse our Site or subscribe to our Newsletter or download our e-book, we analyze the data we have about you, i.e. the history of browsing our Site, the history of activity on our profiles in social media, determining whether the Newsletter or e-book has been opened. Based on this information, we assign you a personal profile relevant to the possibility of offering you our services or products. This analysis is carried out automatically, taking into account the actions you have already started or completed, the behavior of clicks on our Site or in the Newsletter (if subscribed), and does not influence your situation. This analysis has an impact on the selection of advertisements displayed when using the Internet and the selection of products offered to you to what, in our opinion, you may need. You can receive special offers via personalized e-mail, postal or internet advertising on your own or external channels (e.g. social media). 

It is our legitimate interest to get to know our clients, prepare their profiles and be able to offer information tailored to their individual preferences. 

If you do not agree with our assessment of the situation made in this way, you can submit a complaint to the address indicated in this Privacy Policy. 

Please provide information that you believe justifies our assessment inaccurate. You may also be asked for this information later.

Safety 

We conduct a risk analysis on an ongoing basis to ensure that personal data is safely processed by us – ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. We make sure that all operations on personal data are registered and performed only by authorized employees and associates.

Our data security procedures include access security, backup systems, monitoring, system review and maintenance, security incident management, business continuity, etc.

Cookies and web beacons

On our Site, we use cookies that contain information that allows us to adapt the content to your needs, improve the operation of our Site and analyze motion on our Site.

Cookie files are IT data, including text files, which the web browser can send to the server each time you visit our Site and which are stored on the user’s end device.

Cookies contain, among others. such data as the name of the website they come from, the time of their storage on the user’s end device, and a unique number that was generated to identify the web browser you use to connect to the Site. Cookies often store information that is necessary for the proper functioning of the website. Cookies may also store a unique number identifying the user’s end device, on its basis, it is not possible to determine the user’s identity.

Our Site may also contain electronic images, otherwise called web beacons – sometimes also known as single-pixel gif images – that allow us to count visitors to the site. We may embed web beacons in promotional e-mail messages or newsletters to determine whether the message has been opened and to inform us whether the action it informs about has been taken.

We use the “cookies” mechanism to:

  • the proper functioning of the Site (technical cookies);
  • analytical – to analyze the behavior of users on our Site. By conducting such analyzes, we can observe trends in the interest of the Site visitors in the information we publish and improve the convenience of using the Site (analytical cookies); 
  • marketing – to promote some of our services, products, or events. We may use advertisements displayed on other websites. This type of cookie is used to make advertising messages more relevant and tailored to your preferences. Cookies also prevent the same advertisements from appearing again. These advertisements are used only to inform about the activities carried out (advertising cookies).

Technical cookies are necessary for the operation of the Site. For this reason, it does not require the consent of the user.

We use the following technical cookies: 

NameServicePurposeCookie expire time
PHPSESSIDContain a reference to a session (a visit to our site) stored on the webserver. Used to establish a user’s session, send data about session cookiesIt disappears when the browser is closed.
wordpress_test_cookieVerification of the possibility of saving the file in the user’s browser.Verification of the possibility of saving the file in the user’s browser.It disappears when the browser is closed.
wp-settings-time-[UID]Customizing files according to user preferences.Gives a picture of the user’s preferences in areas of the site.1 year

Analytical cookies are used only for internal purposes, namely to improve the services offered to all users. The cookies analyze the interaction of an anonymous user with the website (the collected data does not refer to a specific person). This data is not shared by us with third parties or used for other purposes.

Their application is based on the consent granted.

Once the consent is given, it may be withdrawn by appropriately adjusting your cookie settings. 

Legal basis – Art. 6 sec. 1 lit. a) GDPR (your consent).

We use the following analytical cookies:

NameServicePurposeCookie expire time
Google Analytics _gatTracking user interaction with the Site.Enabling the tracking of individual users and their use of the Site.2 years
_utmaGetting data on unique users.Identifying unique visitors to the Site.2 years
_utmbContinuing the user’s session.Generating cookies during user sessions while visiting DeSmart and other websites.30 minutes from the last activity on the Site
_utmzClick conversion tracking.The purpose of the file is to store and transmit information about the click-through rate of referral links, site searches, and calculation of search engine traffic.6 months

Advertising cookies 

Our cookies and cookies of our partners (e.g. Facebook Pixel, Instagram, Linked In, YouTube, Google Ads) are used to conduct marketing campaigns reaching you with our advertising messages if you have previously visited our Site. 

Their application is based on the consent granted. Advertising cookies will only be set and used with your prior expressed consent. They enable, among others personalized online advertising and enhanced analysis and evaluation options in terms of target audience and user behavior. Once the consent is given, it may be withdrawn by appropriately adjusting your cookie settings. 

Legal basis – Art. 6 sec. 1 lit. a) GDPR (your consent).

We use the following advertising cookies:

NameServicePurposeCookie expire time
Google and YouTube Ads (YSC)Advertisement profiling. It allows YouTube to collect information about the user’s browser and display profiled ads on this basis.until the end of the session
Facebook Ads (_fbp, fr)Advertisement profiling.Displaying site ads on Facebook (for people who have previously visited it) and profiling ads in terms of user behavior on the social channel.3 months
Linked In Ads (BizoData, BIzoID, UserMatchHistory, by cookie, lang)Advertisement profiling.Remembering the language version of the website selected by the user, browser security, and analysis of ads on LinkedIn.14 months

Disabling cookies

The Site user may set the browser to block certain types of “cookies” and other technologies, by specifying, for example, that only those necessary for the correct display of the page will be allowed. By default, most browsers allow the use of all “cookies”, but the user of the Site has the option to change these settings at any time, and can also delete already installed “cookies”. Each of the browsers allows such operation through one of the options available in the settings or preferences.

It is also possible to use the Site in the so-called incognito mode, which blocks the possibility of collecting data about visiting the Site.

Use of Social Media Plugins

If you use social bookmarks you will be sending identifiable information to the respective social media platform. Any comments or activity arising from persons using social bookmarks is not controlled or endorsed by DeSmart and DeSmart shall not be held responsible or liable for such.  

The Privacy Policy does not apply to any of the sites to which the link has been provided, not belonging to DeSmart. Whenever you open a link to other websites, you should exercise caution and read the website’s privacy policies in question. 

Changes to this Privacy Policy

This Privacy Policy may be modified. Any changes to this Privacy Policy are effective upon publication of the current version of the Privacy Policy on the Site. Using the Site after making changes to the Privacy Policy constitutes their acceptance. We recommend that you review the Privacy Policy regularly when visiting the Site. Last update of the Privacy Policy: 05.02.2022r.