Europe Union

Home Privacy Policy

Privacy Policy – DAC.digital SA

1. Introductory provisions

The Controller of the personal data collected in accordance with this Policy is DAC.digital SA with its registered office at ul. Kołobrzeska 14, 80-394 Gdańsk, registered in the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, VII Economic Department of the National Court Register, under the number 0000598506, with the share capital of PLN 121,038.80, fully paid up, with the NIP number: 5842746524. Contact information at e-mail:[email protected].

2. Definitions

For purposes of this Policy, the following definitions mean:

  1. Controller/DAC – means DAC.digital SA with its registered office at ul. Kołobrzeska 14, 80-394 Gdańsk, registered in the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, VII Economic Department of the National Court Register, under the number 0000598506, with the share capital of PLN 121,038.80, fully paid up, with the NIP number: 5842746524.
  2. Personal data – means information about an identified or identifiable natural person. An identifiable natural person is the one who can be identified directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an Internet identifier or one or more specific factors that determine the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person.
  3. Newsletter – means an online newsletter, sent out systematically to Users who have agreed to it.
  4. Processing of Personal Data – means an operation or set of operations performed on Personal Data or sets of Personal Data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing by sending, disseminating or otherwise making available, matching or linking, limiting, deleting or destroying.
  5. Regulation or GDPR – means Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  6. Website – means the website operated by DAC at www.dac.digital.
  7. User, Users – means any person who uses the services offered by the Website.

3. Scope of collection of Personal Data

DAC makes every effort to ensure that Personal Data are processed in accordance with applicable laws and regulations and are protected from loss, destruction, disclosure, unauthorized access or misuse. DAC guarantees the confidentiality of any data provided to it, by taking effective security measures of safety and protection of Personal Data. Where there is a suspicion that your Personal Data are not adequately secured or if there is evidence of abuse, please contact us at the e-mail address indicated in §1.

4. Purpose of Personal Data processing

  1. In each case, the purpose, scope and recipients of the Personal Data processed by DAC result from the User’s consent or the law, and are further specified as a result of the actions taken by the User on the Website or through other channels of communication with the User.
  2. Possible purposes for the collection and processing of Users’ Personal Data by DAC:

a. conclusion and execution of the service agreement and receiving and processing of complaints:

i. The main purpose of DAC’s processing of Personal Data and other information is to provide services to Users, maintain the Website, and ensure safe and guaranteed service performance.

ii. In addition to the data marked “mandatory”, the provision of other data is voluntary.

iii. The legal basis for the processing shall be Article 6(1b) of GDPR (necessary for the performance of the agreement for the provision of services by electronic means).

b. securing of claims

i. For the purpose of establishing, pursuing and enforcing of claims, DAC may process certain Personal Data provided by the User, in particular name and surname, contact data (e-mail address, telephone number), data on the use of services/Website and other data that will be necessary to prove the existence of a claim, its enforcement and defense against claims in proceedings before courts and other state bodies.

ii. The legal basis for data processing is Article 6(1f) of GDPR, i.e. DAC’s legitimate interest. Data in this regard are processed for the statutory period of limitation of claims.

iii. However, the processing of data shall only include storage of the data to the exclusion of any other operations on the data, subject to different obligations of DAC indicated in the applicable regulations or imposed on DAC by authorized bodies.

c. creation of statistics on the use of the Website, profiling:

i. DAC monitors the quality of its services because it is committed to meeting Users’ expectations. For this purpose, statistics are kept on the use of individual functions and sub-sites of the Website with use of the internal analytical tools, and statistical tools provided by partners providing analytical services.

ii. The User of the Website may agree to process the Personal Data provided by him/her for the purpose of advertising, market research as well as for studies of the behavior and preferences of Users, with the results of such research being used to improve the quality of services provided by the Website. Lack of consent does not affect the rights and obligations of the User.

iii. In order to realize this purpose, data on the User’s activity on the Website (e.g. sites and sub-sites of the Website visited by the User, the amount of time spent on the Website, the User’s IP address, location, device ID and data on the browser and operating system used by the User) are processed.

iv. The Controller, in order to develop the services it offers, may use profiling in some cases. Profiling means automated data processing, which involves the use of User’s data to evaluate selected factors specific to the User in order to analyze the User’s behavior or to make a forecast for the future. This allows the Controller to better tailor the services it offers to the individual preferences and interests of the User.

v. Thanks to this technology, the Controller can not only present the User with advertising tailored to the User, but also, from among the available offers, present primarily those that will best suit the User’s needs. The information collected and contained in cookies may be stored after the end of the browser session which allows, for example, their use during the User’s next visit. The legal basis for data processing is Article 6(1a) of GDPR, i.e. the User’s consent.

d. Marketing:

i. The Controller processes Users’ Personal Data in order to carry out marketing activities, which may include:

  • displaying marketing content to the User that corresponds to the User’s interests (behavioral advertising);
  • carrying out other types of analytical and statistical activities and activities related to direct marketing of services (sending commercial information by electronic means, and telemarketing activities);

ii. Detailed legal grounds for processing data for marketing activities are indicated in the section on Cookies.

e. Newsletter:

i. The User may give the Controller permission to process his/her Personal Data in the form of an e-mail address and telephone number for the purpose of direct marketing of the Controller’s services, during and after the provision of the services. Giving consent to data processing is voluntary.

ii. The User may give the Controller permission to process his/her Personal Data in the form of an e-mail address and telephone number for the purpose of direct marketing of the Controller’s services, during and after the provision of the services. Giving consent to data processing is voluntary.

iii. Providing Personal Data is necessary for the User to use the Newsletter service. Failure to provide data will result in the User’s inability to use the Newsletter service.

iv. The User may cancel the Newsletter service at any time by revoking his/her consent. For this purpose, it is sufficient to send information to the contact (e.g. e-mail) listed in paragraph X, clause 2 of the Policy.

v. The legal basis for the provision of the Newsletter mailing service is that the processing is necessary for the performance of the agreement (Article 6(1b) of GDPR). In the scope of data provided optionally, the legal basis for processing is consent (Article 6(1a) of GDPR), and in the case of directing marketing content to the User via the Newsletter it is the legitimate interest of the Controller (Article 6(1f) of GDPR), in connection with the User’s consent to receive the Newsletter.

f. Communication:

i. The Controller may communicate with the User by an e-mail, messages in social media channels, by phone or classically through letters and packages.

ii. The User may at any time contact the Controller directly by sending an appropriate message in writing, by an e-mail to the Controller’s address indicated in paragraph I of the Policy, and by telephone contact at the telephone number indicated at the beginning of the Policy.

iii. The Controller stores correspondence with the User for statistical purposes and for the best and fastest possible response to emerging inquiries, as well as for the resolution of complaints, and in order to take possible decisions on administrative interventions made on the basis of notifications in the indicated account. Addresses and data thus collected shall not be used to communicate with the User for any purpose other than the execution of the application.

iv. When the User contacts the Controller to perform a given action (e.g., filing a complaint), the Controller may again ask the User to provide data, including personal data, e.g., in the form of name, surname, e-mail address, etc., in order to confirm the User’s identity and to contact back with the User on the respective matter. The above applies to the same data, including personal data, which were previously provided by the User, and to the processing as to which the Customer has consented. Provision of this data is not mandatory but may be necessary to perform an action or obtain information of interest to the User.

5. Cookies

1. We declare that we process data on the connection of your terminal device to the technical infrastructure of our website and that we use “Cookies”. These data are aggregate and anonymous – they do not contain characteristics that identify specific individuals.

2. Cookies are IT data, in particular text files sent by Us to your terminal equipment and stored there. Cookies can only be read by Us.

3. During your visit to our site, data about your visit may be automatically collected, and include information on the domain name of the website from which you were referred to our site, your browser type, operating system type, IP address, your ID. In addition, we may process operational data or location information about the device used to access our site.

4. Cookies allow Us, among other things, to ensure the proper functioning of the site, improve the speed and security of your use of the site, to improve the features you use, and to use of marketing tools.

5. Please be advised that restrictions on the use of Cookies may affect some of the functionality available on our site or prevent you from using it.

6. We declare that Our use of Cookies does not cause any configuration changes in your terminal device or in the software installed on it.

7. We use the following Cookies: necessary, statistical and personalization Cookies as well as functional and advertising Cookies.

8. We use the necessary Cookies mainly to provide you with the services and functionalities you want to use. Necessary Cookies may be installed by Us through the site. These Cookies are necessary for the functioning of the website and cannot be disabled. They are usually set only in response to actions you take that involve inquiries for services, such as setting privacy preferences or filling out forms. They also include basic visitor counts, which are needed for Our services. You can set your browser to block these Cookies or to warn you about them, but some parts of the site will then not work. These Cookies do not store any of your personal information. The legal basis for data processing in the use of necessary Cookies is the necessity for the performance of the agreement (Article 6(1b) of GDPR).

9. We use functional Cookies to remember and customize the site according to your choices. These Cookies allow Us to ensure greater functionality and personalization of the services provided. These Cookies may be set by Us or by third-party providers whose services have been added to Our websites. If you do not allow these Cookies, some or all of these services may not function properly. Processing of data related to the use of functional Cookies requires your consent. Such consent can be withdrawn at any time via our site settings.

10. We use statistical and personalization Cookies to obtain information on the number of visits and sources of traffic on Our site. These files are processed in order to improve the performance of Our site, to develop, test and improve the services provided, as well as to solve related problems. These files are aggregated and are not intended to establish your identity. The files help to determine user behavior in order to provide relevant and personalized content. Such files may be installed through our site by Us and by Our partners. The legal basis for the processing of data in the use of analytical Cookies is our legitimate interest (Article 6(1f) of GDPR), which is to ensure the highest quality of services provided through our website.

11. We also use advertising Cookies that allow Us to tailor the content we display to your interests through our website. These Cookies may be used to build a profile of your interests and display relevant ads on other sites. They do not directly store personal data, but rely on the unique identification of the browser and Internet equipment. If you do not allow to use these Cookies, you will experience less targeted advertising. Such files may be installed by Us and by Our trusted partners. The legal basis for data processing in the use of advertising Cookies is the User’s consent (Article 6(1b) of GDPR). Such consent can be withdrawn at any time via our site settings.

12. We also process Personal Data of Users visiting profiles maintained by Us on social media (Facebook, LinkedIn, Instagram, Twitter, YouTube). The data are processed exclusively in connection with the operation of the profile, including the purpose of reporting on Our activities and promoting various events and services. The legal basis for processing of your personal data is your consent (Article 6(1a) of GDPR).

13. For more information on the cookies used by the aforementioned entities, please refer to their privacy policies.

14. You can give your consent to Cookies by using the Cookies settings. Using the “Accept All” or “Customize” buttons, you can give the appropriate consents and also manage your preferences.

15. You can revoke the consents you have given at any time.

6. Possible recipients of the Users’ Personal Data

1. In order to provide services and ongoing maintenance, User’s data may be transferred to specialized entities for processing. Data may be entrusted in particular to:

a. IT service providers,
b. marketing agencies, marketing partners and marketing platform providers,
c. cloud service providers,
d. providers of data analysis services,
e. consultants, lawyers, accountants and other professional service providers,
f. entities affiliated with the Controller personally and by equity, which help the Controller to provide services or perform data processing tasks on the Controller’s behalf,
– in which case such entities process data on the basis of an agreement concluded with the Controller and only in accordance with the Controller’s instructions.

2. Based on the User’s voluntary consent to the processing of the User’s Personal Data (personal data stored in Cookies on the User’s device and in the User’s cache, including data provided in the browsing history and data collected during the User’s activity on the Website, and location data generated by the User’s device), data may by provided for marketing purposes including automated analysis of the User’s activity on the websites in order to determine potential interests for tailoring advertising.

3. The Controller also provides Users’ data to authorized state bodies if they request the Controller to provide data in connection with their tasks. These may include, in particular, organizational units of the prosecutor’s office, the police, the General Inspector of the Personal Data Protection (in the future, the President of the Personal Data Protection Office), the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

7. Transfer of data to third countries (outside the European Economic Area)

1. In the course of the Controller’s use of tools supporting its day-to-day business operations, Personal Data, if necessary, and with an appropriate degree of protection, may be transferred outside the European Economic Area (EEA). If this situation occurs, Personal Data will be transferred only to recipients who guarantee the highest protection and security of the data, among others by:

a. use of standard contractual clauses issued by the European Commission,

b. application of binding corporate rules approved by the relevant supervisory authority,

c. cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued in regard to the determination of ensuring an adequate level of Personal Data protection.

2. The Controller’s Trusted Partners are mostly located in countries of the European Economic Area (EEA) or in Switzerland, recognized as a country that meets an adequate level of Personal Data protection. Some of the Controller’s Trusted Partners, e.g. Google or Facebook, are based outside the EEA. In connection with transfer of the User’s data outside the EEA, the Controller verifies that the Trusted Partners provide a guarantee of a high level of Personal Data protection. Such guarantees arise in particular from the obligation to use standard contractual clauses adopted by the Commission (EU), in accordance with the wording of Article 46(2) of GDPR.

3. The User have the right to request, by directing the request to the address indicated in §1 that the Controller shall provide him/her with a copy of the standard contractual clauses.

8. The retention period for Personal Data

1. The Controller guarantees that the Personal Data will be kept only for the time necessary to fulfill the purposes for which the data were collected.

2. Data will be kept as long as it is needed by the Controller to provide services to Users.

3. The retention period for Personal Data is determined on an individual basis and depends on, among other things, the nature of the data or the reason for its collection and processing. After this time, the data are deleted or anonymized in such a way that it is not possible to determine the identity of the User.

4. Personal data will be processed until there is a basis for processing, i.e.:

a. if consent has been given, until it is revoked, restricted, or in the event of other actions on the part of the User that limit such consent,

b. in the case of the necessity of the data for the performance of the agreement, for the duration of its performance and until the expiration of the statute of limitations for claims under this agreement (3 or 6 years). The beginning of the period is calculated from the date the claim is due,

c. where the basis for data processing is the legitimate interest of the Controller, until the User raises an effective objection,

d. for tax and accounting purposes to the extent and for the duration consistent with applicable regulations.

9. Inspection and correction of stored Personal Data

1. In connection with the Controller’s processing of Personal Data, Users have the following rights:

a. the right to request access to individual Personal Data, rectification, deletion or restriction of processing,

b. the right to object to processing,

c. the right to portability of Personal Data,

d. the right to withdraw consent to the processing of Personal Data for a specific purpose, if the User has previously given such consent,

e. the right to lodge a complaint with a supervisory authority in connection with the Controller’s processing of the User’s Personal Data.

2. Users may exercise the above rights in accordance with the rules described in Articles 16 – 21 of GDPR by sending a message to the e-mail address indicated in §1.

3. All applications received shall be treated with special attention and completed as soon as possible. In the case of certain requests (of a complex nature or concerning data processing burdened with special legal regulations), the processing time may be prolonged, but in any case, within one month, the User shall be informed about the actions that the Controller has taken to complete the request. In providing a response and in order to ensure that the Controller will properly complete the request, the Controller reserves the right to verify the identity of the User.

10. Security

The Administrator shall apply technical and organizational measures to ensure the protection of the processed Personal Data appropriate to the risks and categories of data under protection, and in particular shall protect the data from unauthorized access, processing in violation of applicable regulations, and from alteration, loss, damage or destruction, such as, but not limited to:

  1. securing the dataset against unauthorized access,
  2. SSL certificate on the pages of the Website, where Users’ data are provided.

11. Final provisions

1. For Policy issues, please contact us at [email protected].

2. DAC reserves the right to change the Policy in the future – this may occur, among others, for the following important reasons:

a. changes in applicable laws, in particular in the area of personal data protection, telecommunications law, provision of services by electronic means law and in provisions regulating consumer rights, affecting the rights and obligations or the rights and obligations of the User;

b. development of electronic functionality or services dictated by advances in Internet technology, including the use/implementation of new technological or technical solutions, affecting the scope of the Policy.

3. If the Policy is changed, its new content will be announced at www.dac.digital. The new version of the Policy enters into force on the date of its promulgation.

4. In case of doubt or contradiction between the Policy and the consents given by the User, regardless of the provisions of the Policy, the basis for taking and determining the scope of actions by the Controller shall always be the consents voluntarily given by the User or provisions of the law.

5. To the extent not regulated in the Policy, the provisions of GDPR and the mandatory laws of the Republic of Poland shall apply.

6. The Policy was drawn up in two language versions: Polish and English In case of discrepancies between language versions, the Polish language version shall prevail.

7. The competent court for disputes arising out of the application of the Policy shall be the court having jurisdiction over the seat of DAC, if exclusive jurisdiction does not apply. 

8. The Website may contain links to other websites. DAC urges that when you go to other sites, read the privacy policy established there, including the advertiser’s privacy policy. This Policy applies only to designated DAC activities.

9. The policy comes into force on 19.07.2023.

Got question or enquiry?
Leave your email address and we'll be in touch soon.