1. The Personal Data Controller for the website https://followyst.com, hereinafter referred to as the Website, is the company Fusion Core sp. z o.o., with the following registered address: Jaworowa 16/A23, 43-300 Bielsko-Biała, registered in the Register of Entrepreneurs of the National Court Register by the District Court for Bielsko-Biała, VIII Commercial Division of the National Court Register, under KRS number: 0000835142, Tax ID (NIP): PL5472218186, REGON: 38583370100000.
  2. With respect to your rights as personal data subjects (i.e. people to whom the data relates) and with respect to the mandatory rules of law, including especially the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/WE (General Data Protection Regulation), hereinafter referred to as GDPR, the Personal Data Protection Act of 10 May 2018 (Dz. U. 2018, item 1000, hereinafter referred to as the Act), and other relevant personal data protection regulations, we commit to maintain security and confidentiality of all personal data gathered from you. All our employees have been properly trained in personal data protection and, as the Personal Data Administrator, we have introduced new security measures, as well as technical and organisational means, in order to ensure the highest possible level of personal data protection. We have introduced appropriate procedures and policies to process personal data in accordance with GDPR, so that personal data processing occurs lawfully and reliably and you, as the persons to whom the data relates, may execute all your relevant rights. Additionally, if needed, we cooperate with the regulatory body within the territory of the Republic of Poland, i.e. the President of the Data Protection Authority (hereinafter referred to as PDPA).
  3. Our Website collects the following personal data:
    1. e-mail address – also serving as account login, is being processed for the purposes of logging into the Website. The e-mail address is also used for the purposes of communication between the Administrator and Website users. Answers to questions, password change forms or service invoices shall all be issued or sent to the specified e-mail address. Moreover, if consent for sharing marketing materials has been granted and you are subscribing to our newsletter, the e-mail address shall also be used to send trade informations and news relating to our Website.
    2. name and surname – may be processed when you share them with us as e-invoice data or send them via e-mail, e.g. in order to file a complaint or ask any questions on provided services.
    3. phone number – may be processed when you share it with us as e-invoice data or send it to us via e-mail.
    4. NIP or other tax IDs – we collect the tax ID from entrepreneurs and customers requesting us to issue an invoice, providing the requestor has a NIP/tax ID of any kind,
    5. IP address of a device or browser – the general information relating to the usage of Internet-based connections, such as IP addresses (and other information stored in system logs), are used for technical or statistical purposes, especially in terms of collecting general demographic data (e.g. about the region from which a connection originates),
    6. other data may be collected within the scope of conducting other matters, or may be provided by you, as users of our website, via e-mail or traditional mail.
  4. Sharing the above listed data is mandatory in cases described above, including especially:
    1. in order to use the services provided via our Website,
    2. in order to process the services ordered via our Website,
    3. in order to answer questions or enable contact via e-mail or traditional mail.
    4. in order to enable registering (creating an Account) on our Website; in such cases we store your data to facilitate future use of services provided via our Website until the registration is cancelled (Account is deleted),
    5. in order to execute the newsletter service (subscription) – if you want to be informed of interesting events and marketing offers, you may subscribe to our newsletter; the subscription is not mandatory and you may unsubscribe at any time.
  5. Our Website utilizes the Cookies technology to match its functionality to your individual needs. You may therefore consent to having your entered data and information saved, so that they may be later on used on subsequent visits to the Online Shop website without having to enter them again. Owners of other Websites will not have access to this data and information. If, however, you do not agree to personalization of the Website, you may disable the Cookies in your Internet browsers.
  6. Anyone using our Website may choose whether and how they wish to use our services and share their data and information within a certain scope, as per this Privacy Policy.
  7. As per the rule of minimizations, we only process the categories of personal data that are considered necessary to achieve purposes specified in point 3 and 4 above.
  8. We shall process the personal data only for however long it is necessary to achieve purposes specified in points 3 and 4 above. Personal data may be processed for longer periods of time in cases where it is sanctioned or enforced on the Administrator by the mandatory rules of law, when the Administrator is legally justified in doing so, as per points 10.c below (i.e. for periods of lapsed claims or proceedings finalization, if the proceedings had been started within the lapse period), or when the provided service is continuous (e.g. newsletter subscription).
  9. The source of the personal data processed by the Personal Data Administrator are the persons to whom the data relates. At the moment of the first contact with our users (before accounts is created), relevant data (marked as public) is downloaded from instagram.com.
  10. The legal basis for processing your personal data is:
    1. art. 6.1.b of the GDPR, i.e. processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or
    2. art. 6.1.c of the GDPR, i.e. processing is necessary for compliance with a legal obligation to which the Administrator is subject, or
    3. art. 6.1.f of the GDPR, i.e. legitimate interests pursued by the Administrator, such as determining, demanding, or defending claims, until they lapse or until the relevant proceedings are completed, if they were initiated within that period, or
    4. art. 6.1.a of the GDPR, i.e. your consent to the processing of personal data for one or more specific purposes, when other legal bases for data processing are not applicable – e.g. for the newsletter service.
  11. Personal data is being transferred to a third country, as a result of us using external servers located outside of the EEA. The data is secured by measures described in the chapter V of the GDPR.
  12. No personal data is shared with any third parties without express consent of the person to whom the data relates. Personal data may be shared without the consent of the person to whom it relates only with legal public bodies, i.e. government and administrative bodies (e.g. tax offices, judicial authorities and other entities with a mandate stipulated by the relevant mandatory rules of law).
  13. Personal data may be shared with entities that process the data on our request, i.e. on the request of the Personal Data Administrator. In such cases, as the Personal Data Administrator, we conclude a contract for personal data processing with such an entity. The processing Entity processes the shared personal data solely for purposes specified in the aforementioned contract. It would not be possible for us to conduct our business on the Website without sharing your data with processing parties. As the Personal Data Administrator, we share the personal data for processing with the following entities:
    1. providing hosting services for the Website,
    2. providing other services necessary for current functioning of the Website.
  14. Your personal data shall be profiled (as per the GDPR), if, as a Followyst App User, you consent to such profiling. The Administrator shall profile the data within the scope of actions requested via the App. The profiling is meant to facilitate adjustments and matching of requested actions to your needs and preferences.
  15. According to the GDPR, each person whose personal data is being processed by the Personal Data Administrator has the right to:
    1. be informed of the personal data processing, as per art. 12 of the GDPR,
    2. access their personal data, as per art. 15 of the GDPR,
    3. correct or update the personal data, as per art. 16 of the GDPR,
    4. delete their data (the right to be forgotten), as per art. 17 of the GDPR,
    5. limit the processing, as per art. 18 of the GDPR,
    6. transfer the data, as per art. 20 of the GDPR,
    7. object to the processing of their personal data, as per art. 21 of the GDPR,
    8. in cases of legal bases, as per point 10.d above — the right to withdraw one’s consent at any time, without affecting the legality of the processing conducted on the basis of the previously given consent,
    9. restrict profiling, as per art. 22, relating to art. 4 of the GDPR,
    10. file a complaints to a supervisory body (i.e. to the President of the Data Protection Authority), as per art. 77 of the GDPR,
    subject to the rules of using and realizing such rights, as per the GDPR.
  16. Should you wish to exercise any of your above-mentioned rights, please send us an e-mail or a traditional mail to the address specified in point 17 below.
  17. Any questions, requests or complaints relating to personal data processing by the Administrator, hereinafter referred to as Applications, should be sent via e-mail to the following e-mail address: support@followyst.com, or in writing to the following address: Fusion Core sp. z o.o., ul. Jaworowa 16/A23, 43-300 Bielsko-Biała, Poland.
  18. The Applications should clearly specify:
    1. the data of the person or persons to whom the Application relates,
    2. the event that the Application relates to,
    3. the filed requests and their legal basis,
    4. the desired means of solving the issue.
  19. Each ascertained instance of security breach is documented, and should any of the events, as described by the GDPR or the Act, occur, the persons to whom the data relates, as well as the PDPA, if applicable, shall be informed of it.
  20. The provisions of this Privacy Policy are to be reasonably applied to all subjects, with whom we retain legal relationships, and with regards to whom we are a Personal Data Controller.
  21. All matters not regulated by this Privacy Policy shall be regulated by the relevant mandatory rules of law. Should any of the provisions of this Privacy Policy not comply with the above-mentioned rules of law, the rules of law shall take precedence.
en_USEnglish
pl_PLPolski en_USEnglish