PRIVACY POLICY

1. Definitions and general information

If you use our website or the services offered through it, including e-consultations, we collect and process your personal data. This privacy policy describes the principles and purposes of the processing of this personal data, as well as providing information about cookies and similar technologies that we use on the website.

The following terms have the following meanings:

term

explanation

administrator or us

The controller is the entity that determines the purposes and means of the processing of personal data and is responsible for, among other things, an adequate level of protection and the exercise of the rights of data subjects.

The controller of your personal data obtained in connection with your use of the website or the services offered through it, including e-consultation, is us, namely:

Finture Sp z o.o. with its registered office in Warsaw (10 A Skierniewicka Street, 01-230 Warsaw)

personal data

any information about an identified or identifiable natural person (i.e. a living person); an identifiable natural person is one who can be identified, directly or indirectly, including, but not limited to, an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person

the data subject

any natural person whose personal data is processed by the Administrator in connection with the Administrator's business, e.g. a person who is bound by a contractual agreement with the Administrator or who sends the Administrator an e-mail enquiry.

Cookies

IT data which are stored in the terminal equipment and which contain data on the use of the Website by the User.

privacy policy

this privacy policy

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

service or platform

Ty lub użytkownik

każda osoba fizyczna, która odwiedza stronę lub korzysta z usług oferowanych za jej pośrednictwem.

2. Purposes and grounds for our processing of personal data

We may process your personal data for different purposes and on different legal bases - depending on the functions of the service. For example, we may process your data to carry out marketing activities, market and statistical analyses, to improve the quality of our services or to comply with our legal obligations.

We describe the details below. 

area

purpose and basis of processing

use of the service

We use cookies or similar technologies on this website. Accordingly, as a controller, we process information that may be considered as personal data (such as e.g. IP address, internet identifiers, data about your device, data about your activity on the website). We process this information for the following purposes:

  • providing you with access to the website - the legal basis for the processing is the necessity of the processing for the performance of the service (Article 6(1)(b) RODO);

You can find more information about cookies later in this privacy policy.

We record your activity within the website in so-called system logs (a special computer program used to keep a chronological record containing information about events and activities that relate to our IT system/our platform). The information collected in the logs may include information that is personal data(e.g. IP address, data of your device). We process this information primarily for purposes related to the provision of our services through the platform (Article 6(1)(b) RODO). We also process it for technical, administrative purposes (e.g. error detection) and for the purposes of ensuring the security of our IT system/platform (e.g. detection of network attacks) and the management of this system/platform, as well as for analytical and statistical purposes - in this regard, the legal basis for the processing is our legitimate interest (Article 6(1)(f) RODO) to ensure the correct operation of the service and its improvement and to protect our business interests. 

contact form

We provide the possibility to contact us by means of an electronic contact form provided on the website. When using this form, you will be asked to provide the required personal data (e.g. name, e-mail address). This data is necessary in order to receive and handling your enquiry and enabling us to contact you. You provide the data voluntarily, but it is not possible to send an enquiry without providing this data. You may also voluntarily provide us with other personal data (e.g. your telephone number) to facilitate contact and handling of your enquiry.

We process the personal data provided in the contact form in order to identify the sender and to handle the enquiry. The legal basis for the processing is our legitimate interest (Art. 6(1)(f) RODO), consisting of responding to and providing support to users.

In some cases (e.g. if you make a complaint), we may also process the data contained in the complaint form in order to establish, assert or defend against claims. The basis for the processing is our legitimate interest (Article 6(1)(f) RODO) in protecting our rights and property interests and resolving a possible dispute with you, as well as responding to your complaint.

direct marketing

We conduct our marketing activities taking into account the legal regulations applicable to us, including respecting restrictions or prohibitions on advertising and promotions. We do not use your sensitive data (special categories of data within the meaning of Article 9 RODO) for marketing purposes.

Sending marketing content

When using the platform, you may optionally agree to receive from us, via the communication channel of your choice (e.g. email, SMS or similar electronic means) our offers, information about promotions, news and similar marketing content relating to the platform and our activities. The legal basis for the processing is your consent (Article 6(1)(a) RODO). The content you receive may be tailored to you (e.g. based on your locality, gender or age group).

Internet marketing

We may also - within the limits allowed by law - inform you about our activities using internet marketing tools (e.g. banners on other websites). For this purpose, we may use information collected in connection with your use of our platform (e.g. information that you are a customer may be used to optimise our online information campaigns). The legal basis for such processing is our legitimate interest to inform you about our business and our services (Article 6(1)(f) of the RODO).

We may use marketing partners such as Google, Microsoft or Meta (Facebook) to display our tailored campaigns to you based on information collected during your use of the platform, including through cookies, if you have consented to their use. The basis for such processing is your consent (Article 6(1)(a) of the RODO). Please see the cookies section of the privacy policy for more information.

Custom audiences

We may target our campaigns on social media platforms (e.g. Facebook) or platform providers such as Google to a specific audience (so-called custom audiences). For this purpose, we use various technologies, such as, for example, a tracking pixel, the collection of information about user activity on our profile (company page) on the social platform or we provide the operator of the respective platform (e.g. Meta) with a secure file with some of our users' data. This includes, among other things, email addresses or telephone numbers, so that a platform operator such as Meta can identify you as a user of our platform (data matching). For example, if we want to display our campaigns on Facebook to people who are already our customers, we provide the Facebook operator (Meta) with a secured list with the necessary data; if our customers are Facebook users, our campaign will be displayed to them. In the same way, we can exclude all or some of our customers from being targeted by the campaign. The personal data transferred is adequately secured.

Meta (Facebook)

On the platform, we use tools provided by Meta Platforms Ireland Ltd, such as the Meta pixel and event analytics on the mobile app and service. For example, when you visit the platform, the Meta pixel sends Meta information about this. This allows us to better tailor our campaigns on the Facebook platform and test their effectiveness. It also allows us to obtain analytics and measurements from Meta about our products and services.

We are jointly responsible for data collection and processing with Meta Platforms Ireland Limited (co-administration).

This includes the following purposes:

  • creation of personalised or relevant advertising and its optimisation. 

Establishment, investigation, enforcement of claims

ESTABLISHMENT, INVESTIGATION, ENFORCEMENT OF CLAIMS In this case, certain personal data provided by the User in the context of the use of the functionalities on the Website may be processed, such as name, surname, data on the use of the services, if the claims arise from the way the User uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legitimate interest (Article 6(1)(f) RODO) to establish, assert and enforce claims and to defend against claims in proceedings before courts and other state authorities.

Recruitment

RECRUITMENT Within the "Career" tab, the Administrator provides information about its employment policy and recruitment processes. In the event that the User decides to participate in the recruitment process conducted by the Administrator, it from the outset, it is expected by the Administrator that personal data, that personal data (e.g. in a CV or a resume) are expected to be provided by the candidates only to the extent which is an integral part of the labour legislation. in order to carry out the recruitment process to the extent of data not required by law - the legal basis for processing is consent (Article 6(1)(a) RODO).

Company profile on social media

If you visit our profile (company account/company website) on a social media platform such as Facebook (https://www.facebook.com/finturecom), LinkedIn (https://www.linkedin.com/company/finturecom), and interact with us (e.g. by adding to followers, leaving comments, likes), we process your personal data.

The scope of the personal data we process includes data you provide to us yourself as well as data we obtain from the operator of the respective platform, including data such as, for example, your identifier on the social media platform (name or profile name), profile picture/avatar, etc. The provision of data is voluntary, but without providing such data you cannot use certain functions of the social platform (e.g. add a comment, write a message to us).

Independently of us, the platform operator processes your personal data in order to provide you with the services of that platform, in accordance with its terms and conditions of use. Please read the terms of use/conditions of use and privacy policy/processing notice applicable to the platform you are using. When browsing our website, you will find links pointing to our profiles (company accounts/pages) on social media platforms. When you click on a link, you will be redirected to our profile (account/company page) which we operate on the selected platform. Once you have been redirected to such a platform, the operator of the platform in question is also the controller of your personal data and may use the information collected for its own purposes (e.g. it may use the information that you have moved from our service to the social platform for e.g. advertising purposes, market research or collecting information about your preferences).

We have no control over the processing of personal data that the platform operator performs independently of us, as a separate controller. You can find detailed information about the processing of personal data by social media platforms and find their privacy policies:

 

Facebook, LinkedIn

If you use our profile (company page) on these platforms or related content, we process your personal data. The data we process may include:

  • your username
  • comments posted on our company website;
  • comments posted on our company website;
  • activity on our company website (thanks to the "Audience Insights" service we use), e.g. visits to our company website, posts, average duration of video views, information on the country and city from which visitors come, statistics on visitor payments;
  • other information necessary to fulfil requests or to uniquely identify visitors.

The operator of the Facebook and Instagram platforms is Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin 4, Ireland - hereinafter "Meta"). Meta processes your personal data in accordance with its privacy policy, which is available at

 

Co-administration with Meta

We use statistical information related to the use of our Facebook profile (company page), which Meta provides to us in anonymised form, including through the "Audience Insights" service. This service does not allow us to attribute information to individual users or to access their individual profiles. For more on Facebook business page statistics, please visit:

https://www.facebook.com/legal/terms/information_about_page_insights_data.

We are joint controllers of your personal data with with Facebook operator Meta (Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland) with regard to the processing of data for the purposes of site statistics (data for statistics). Co-administration includes the aggregate analysis of the data for the purpose of displaying statistics on user activity on our profile.

 

Meta's responsibilities with regard to the processing of data in the context of co-administration are:

  • to have a legal basis for processing data for site statistics;
  • ensuring the exercise of data subjects' rights;
  • reporting violations to the supervisory authority and notifying those affected of the incident;
  • ensuring that appropriate technical and organisational measures are in place to ensure the security of your data.

 

The scope of our responsibility for data processing in the context of co-management is:

  • to have a legal basis for processing data for site statistics;
  • fulfilment of information obligations with regard to the purposes of the processing carried out by us.

 

The main supervisory authority for joint processing is the Irish Data Protection Commission. Details of the mutual arrangements between the joint controllers are available at

https://www.facebook.com/legal/terms/page_controller_addendum.

In connection with the operation of profiles (company pages) on the platforms, we may process your personal data for purposes for which we have a legitimate interest (Article 6(1)(f) RODO), consisting of:

  • maintaining a profile on a social networking site, in accordance with the rules laid down by the operator of that site;
  • running marketing campaigns on the site,
  • providing information about our business through our profile;
  • building and strengthening relationships with potential and existing customers through communication via the social network;
  • conducting analyses and statistics on the functioning, popularity and use of our profile;
  • to establish, assert and defend against possible claims relating to the use of the profile.

Collection of counterparty data

If you are our contractor or a contact person acting on behalf of a contractor, we may process your personal data - most commonly this will include your name, email address, telephone number, business or function details. We need this data in order to keep in touch with you, to prepare and enter into a contract, and then to perform and settle the contract. In such cases, the basis for the processing is the concluded contract or the activities aimed at concluding the contract - pursuant to Article 6(1)(b) of the RODO - or our legitimate interest, which is to ensure efficient cooperation and fulfilment of contractual obligations (Article 6(1)(f) of the RODO).

Your data may also be processed in connection with our legal obligations as a controller, e.g. invoicing, bookkeeping or tax records - in which case we act on the basis of Article 6(1)(c) RODO.

There are also times when we contact our contractors or their representatives for marketing purposes - for example, to inform you about new services, solutions or to invite you to industry events. If you consent to such activities, we process your data based on Article 6(1)(a) of the RODO. If we do not require consent and the communication takes place within the framework of an existing business relationship, the basis is our legitimate interest in accordance with Article 6(1)(f) RODO.

We only keep your data for as long as necessary - in particular for the duration of the contract and for the period required by law, as well as for the time required for any investigation or defence against claims. If the processing is carried out on the basis of consent - e.g. for marketing purposes - the data will be processed until the consent is withdrawn.

We only keep your data for as long as necessary - in particular for the duration of the contract and for the period required by law, as well as for the time required for any investigation or defence against claims. If the processing is carried out on the basis of consent - e.g. for marketing purposes - the data will be processed until the consent is withdrawn.  

Data collection in other cases

In connection with its business activities, the Administrator also collects personal data in other cases - e.g. during business meetings, at industry events or through the exchange of business cards - for the purposes of establishing and maintaining business contacts. Personal data is provided voluntarily in such cases. The legal basis for the processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of networking in connection with the business. Personal data collected in such cases are processed solely for the purpose for which they were collected.

2.1. The controller shall ensure that the volume of data processed in the correspondence complies with the principle of data minimisation and that only authorised persons have access to it.

2.2. The controller shall ensure that the volume of data processed in the correspondence complies with the principle of data minimisation and that only authorised persons have access to it.

2.3. For the purpose of marketing our own products and improving our services, navigational data may also be collected from Users, including information about the links and references they choose to click on or other actions they take on our website, on the basis of the Administrator's legitimate interest ( Article 6(1)(f) RODO ) in facilitating the use of services provided electronically and improving the functionality of these services.

2.4. The provision of personal data is voluntary, in connection with the provision of services through the Website, with the proviso, however, that failure to provide the data specified in the form will prevent the provision of this service.

3. Cookies and similar technologies

We use cookies on our platform and may use other similarly functioning technologies and tools that are stored on your device and allow us or other entities we work with to collect information (e.g. tracking pixels, local data files, tags), which we refer to collectively as "cookies" for simplicity.

Cookies are small text files that are saved and stored on your device (e.g. in the memory of your computer or smartphone). They allow, among other things, the recognition of your device and the correct display of the website (including adapting it to your preferences), as well as collecting various information related to your browsing of the platform. Cookies usually contain the name of the website (domain) from which they originate, the time they are stored on your device and a unique identifier.

Cookies are small text files that are saved and stored on your device (e.g. in the memory of your computer or smartphone). They allow, among other things, the recognition of your device and the correct display of the website (including adapting it to your preferences), as well as collecting various information related to your browsing of the platform. Cookies usually contain the name of the website (domain) from which they originate, the time they are stored on your device and a unique identifier.

We use cookies and similar technologies primarily for:

  • to authenticate you on the platform (so you can log in and stay logged in);
  • analytics and statistics - so that we can better understand how users use the platform, which allows us to improve the platform and provide a better service;
  • marketing (e.g. in relation to collecting information for online campaigns).


The information collected by cookies does not usually directly identify you. From our perspective, the information we obtain through cookies is anonymous data. However, in some cases, especially when combined with other information, cookies potentially allow you to be identified as an individual (e.g. your IP address in combination with a cookie ID and information held by external providers we use). We want to take a transparent and privacy-focused approach to cookies, so in our privacy policy we prudently accept that their use involves the processing of personal data.

Cookies have different expiry periods, after which they are automatically deleted (expire) - unless you delete them yourself beforehand. Some cookies are temporary (so-called session cookies, which are stored only for the duration of your session on the platform or slightly longer - e.g. several minutes) and are automatically deleted when you close your browser or log out of the platform. Other cookies (e.g. Google Analytics, cookie for displaying a cookie message) are stored for longer (e.g. for several months or even years) and can be deleted e.g. via your browser settings.

Some cookies originate from our domain (so-called proprietary cookies – first party), while others come from external servers and are stored by third parties (e.g. service providers we use – so-called external cookies – third party).

3.1. Necessary cookies

Some cookies are necessary for the correct and secure operation of the platform. Therefore, in accordance with the law (Article 398 of the Electronic Communications Act), their use does not require your consent.

3.2. Analytical and statistical cookies

As part of the platform, we use the services of other companies that provide analytical and statistical services for us (e.g. Google Analytics). For this purpose, we use our own cookies (first party) or external cookies (provided by third-party providers), which allow us to monitor - for the purpose of analysis analysis and statistics - how you use the platform and which pages you view within the platform. They also allow us to analyse data about your traffic on the platform's websites, your IP and MAC address, your general geographic data, the type of browser and device from which you connect to the platform, information about your internet provider, and information about your activities on the platform (analytics). This allows us to create general reports and statistics to improve the platform and fix any bugs.

3.3. Marketing cookies

Marketing cookies make it possible to display marketing content (e.g. information about activities) that is tailored to users (based, among other things, on information about the visit to our platform, pages viewed on our platform and links clicked). They are used, among other things, to tailor marketing content online, as well as for displaying marketing content outside our platform and for marketing statistics. The information collected by these cookies may be passed on to other companies that offer their advertising networks or tools for marketing campaigns (e.g. Microsoft, Meta, Google).

We undertake any marketing activities that we carry out by adhering to the advertising restrictions and prohibitions that apply to the site.

3.4. Consent to the use of cookies

The use of cookies requires that we obtain your consent (with the exception of so-called strictly necessary cookies, about which we write above). We display a message on the platform informing you of our use of cookies. In this message, you can either consent to the use of cookies for the purposes indicated there or refuse such consent. If you refuse consent, we may only use strictly necessary cookies for the functioning of the website - your consent is not required for the use of these cookies, as the website will not function properly without them (Article 398 of the Electronic Communications Act).

Where the use of cookies requiring consent (this applies to non-essential cookies - e.g. analytical, marketing cookies) results in the processing of personal data, the basis for such processing is your consent (Article 6(1)(a) RODO). Further processing by us of your personal data originally collected through cookies may take place on the basis of our legitimate interest (Article 6(1)(f) RODO - e.g. marketing of products or services, production of statistics and analysis), as described in the previous sections of the privacy policy.

In the case of external (third party) cookies, your consent to the use of such a cookie also implies your agreement that your data, obtained through such a cookie, will be passed on to an external provider (another company).

You can withdraw your consent to the use of cookies at any time, e.g. by using the cookie settings in the cookie "box" displayed on the interface of our website or by using your browser settings. You can also set your browser to automatically block all or some cookies. Please refer to your browser's documentation for details on its functionality and settings.

Please note that if you block the necessary cookies, the website - for technical reasons - will not function properly. 

3.5. List of cookies used on the website 

3.5. List of cookies used on the website

The cookie mechanism is safe for your device. It prevents viruses or other unwanted software from getting onto your device. However, you can restrict or disable access to cookies in your browser settings. If you do this, you will still be able to use the Website, although some features that require cookies may not be available.

3.7. Changing cookie settings

Below you will find instructions on how to change the cookie settings of popular web browsers

4. Period of processing of personal data

The length of time we process your personal data depends on the nature, purpose and basis of the processing. We store the data:

  • where processing is based on a legitimate interest (e.g. protection from or pursuit of claims), for the period necessary for the pursuit of that interest (e.g. in the case of property claims, until the statute of limitations for such claims), unless you have first raised an effective objection to the processing of your personal data;
  • where the basis for processing is necessity for the conclusion and performance of a contract - for the duration of such contract;
  • where the basis for processing is necessity for the conclusion and performance of a contract - for the duration of such contract;
  • where data is processed on the basis of consent - until the consent is withdrawn, unless we no longer need the data earlier to fulfil the purpose for which the consent was collected.


We may extend the period for processing your personal data where the processing is necessary for the establishment, investigation or defence against possible claims or where it is necessary to comply with legal obligations incumbent on us, and thereafter only if and to the extent that we are required to do so by law. After the expiry of the retention period, we delete or irreversibly anonymise the data.

Personal data provided as part of comments posted on our Facebook fanpage and Linkedin profile will be stored until deleted by the author (unless we delete it ourselves beforehand). For more information on the processing of personal data on the Facebook and Linkedin social networks, please visit: https://www.facebook.com/about/privacy and https://pl.linkedin.com/legal/privacy-policy.

5. Rights of data subjects

You have the right to access your personal data, to request its rectification, erasure, restriction of processing, the right to data portability (if the processing is carried out by automated means based on a contract or consent), the right to object to the processing of your data (if the processing is based on legitimate interests – e.g. for analytical or statistical purposes – or for direct marketing purposes), the right to withdraw consent, and the right to lodge a complaint with a supervisory authority.

More information regarding your rights is presented below:

  • The right to request access to personal data: This means that you can get information from us about how and to what extent we process your personal data and, in addition, you can obtain a copy of your personal data.
  • The right to request rectification of personal data: This means that you can request that we rectify (amend) your personal data, e.g. if it has been recorded incorrectly or if it has changed.
  • The right to request erasure of personal data: This means that you can request us to delete your personal data if there is no basis for us to process the data or if there are other circumstances provided for by the RODO.
  •  
  • The right to request restriction of processing of personal data: This means you can request that your personal data be processed only to a limited extent, until your objection to its processing has been resolved, or until your request for rectification has been considered, or if you wish for us to store your data in connection with your claims or due to the finding of unlawful processing.
  • The right to data portability: If we process your personal data on the basis of consent or on the basis of a contract concluded with you and this is done by automated means (e.g. computerised), you have the right to request that we transfer your personal data that you have provided to us, in a structured, commonly used, machine-readable (computer-readable - e.g. XML) format. You may yourself transfer such personal data to another controller of your choice. In addition, if technically feasible, with appropriate security standards, we may ourselves transfer your personal data to another controller of your choice upon your request. The right to data portability must not adversely affect the rights and freedoms of others.
  •  
  • The right to object to processing: If we process your personal data on the basis of a legitimate interest, you may object to such processing on grounds relating to your particular situation. We will then analyse the objection on the basis that there are valid legitimate grounds for us to process your personal data that override your interests, rights and freedoms or grounds for us to pursue or defend against claims. If you raise an effective objection, we can no longer process the personal data to which the objection relates.
  • If we process your personal data for direct marketing purposes, you may object to such processing at any time. This objection does not require justification. Upon receipt of such an objection, we will no longer process your data for direct marketing purposes.
  • The right to withdraw consent to data processing: If we process your personal data based on consent, you can withdraw such consent at any time with effect for the future. This means that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, you can contact us via the contact channels indicated below, change the settings in your customer account, or use the special link included in the email sent by us.
  • The right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data by us is unlawful, you have the right to lodge a complaint with the supervisory authority responsible for data protection. In Poland, the supervisory authority is the President of the Personal Data Protection Office.


It may happen that we will not be able to exercise some of your rights – for example, due to legal obligations imposed on us. For instance, the right to have your data erased (the so-called “right to be forgotten”) generally does not apply to data collected as part of medical documentation. We are required by law to retain your personal data contained in medical documentation for a period specified by applicable regulations. During this period, we will not be able to fulfil your request for erasure of such personal data.

In connection with the exercise of your rights as described above, we may additionally verify your identity.

6. Data recipients

As part of operating the platform, we use the services of third parties (our subcontractors and external providers). Therefore, the recipients of your personal data will include IT service providers (e.g. hosting), companies such as banks and payment operators, companies providing accounting services (in connection with issuing invoices/receipts), entities providing online survey tools, as well as our medical staff. If we transfer your data to external entities, it is done with respect for medical confidentiality and other legally protected secrets (especially through encryption or other appropriate safeguards).

We may also disclose personal data to courts or competent public authorities (e.g. law enforcement agencies) or other authorised third parties. Data disclosure takes place only when there is an appropriate legal basis for it (e.g. a legal provision requiring disclosure of personal data) and in accordance with applicable regulations.

We may also disclose personal data to courts or competent public authorities (e.g. law enforcement agencies) or other authorised third parties. Data disclosure takes place only when there is an appropriate legal basis for it (e.g. a legal provision requiring disclosure of personal data) and in accordance with applicable regulations.

If you visit or follow our fan page operated on the Facebook social network, or interact via this fan page, we may disclose your personal data to the operator of this service and other users, in accordance with the terms set by the Facebook social network operator. The privacy policy of Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin 4, Ireland) can be found at:

https://www.facebook.com/privacy/policy.

If you visit or follow our profile operated on the Linkedin social network, or interact via this profile, we may disclose your personal data to the operator of this service and other users, in accordance with the terms set by the Linkedin social network operator. The privacy policy of Linkedin can be found at:

 https://pl.linkedin.com/legal/privacy-policy.

7. Source of personal data

We generally obtain personal data directly from you when you use the platform or the services provided through it.

8. Transfer of data outside the EEA

Service providers are mainly based in Poland and other countries of the European Economic Area (EEA). If your data were to be transferred outside the EEA, the Controller will apply appropriate legal safeguards: the standard contractual clauses for personal data protection approved by the European Commission.

The level of personal data protection outside the European Economic Area (EEA) differs from that ensured by European law. For this reason, we guarantee that we will transfer your personal data outside the EEA only when necessary and with an adequate level of protection. Currently, we do not foresee transferring your data outside the EEA.

9. Security

The procedures implemented by the Controller ensure an appropriate level of confidentiality and integrity for the personal data it processes. Access to personal data is granted only to individuals who are properly trained and have the necessary authorisations. The Controller applies organisational and technical measures to ensure that all operations on personal data are recorded and carried out only by authorised persons. When selecting data processors and other subcontractors, the Controller takes the necessary steps to ensure that the level of data protection at these entities is sufficient. The Controller continuously conducts risk analyses and monitors whether the data protection measures used are adequate to the identified threats. If necessary, the Controller implements additional measures to enhance data security.

10. Our contact details and Data Protection Officer

You can contact us by post at the following address: Finture Sp. z o.o., ul. Skierniewicka 10A, 01-230 Warsaw, or by sending an email to: info@finture.com.

We have appointed a Data Protection Officer (DPO). Our DPO is Krzysztof Pawelec. You can contact him regarding any matters related to the processing of your personal data by sending an email to:
ochronadanych@exorigo-upos.pl
or by writing to: Finture Sp. z o.o., ul. Skierniewicka 10A, 01-230 Warsaw, with the note “DPO”.

11. Changes to the privacy policy

We regularly review our privacy policy and update it when necessary. If the changes are significant, we will make every effort to inform you through available contact channels (e.g. by email).

The current version of the privacy policy is effective from May 16th, 2025