Privacy policy

Main page » Codes, Guides, Policies » Privacy policy

PRIVACY POLICY

1. Definitions and general information

If you use our website or the services offered through it, including e-consultations, we collect and process your personal data. This privacy policy describes the principles and purposes of the processing of this personal data, as well as providing information about cookies and similar technologies that we use on the website.

The following terms have the following meanings:

term

explanation

administrator or us

The controller is the entity that determines the purposes and means of the processing of personal data and is responsible for, among other things, an adequate level of protection and the exercise of the rights of data subjects.

The controller of your personal data obtained in connection with your use of the website or the services offered through it, including e-consultation, is us, namely:

Finture Sp z o.o. with its registered office in Warsaw (10 A Skierniewicka Street, 01-230 Warsaw)

personal data

wszelkie informacje o zidentyfikowanej lub możliwej do zidentyfikowania osobie fizycznej (czyli żyjącym człowieku); możliwa do zidentyfikowania osoba fizyczna to osoba, którą można bezpośrednio lub pośrednio zidentyfikować, m.in. na podstawie identyfikatora takiego jak imię i nazwisko, numer identyfikacyjny, dane o lokalizacji, identyfikator internetowy lub jeden bądź kilka szczególnych czynników określających fizyczną, fizjologiczną, genetyczną, psychiczną, ekonomiczną, kulturową lub społeczną tożsamość człowieka.

the data subject

any natural person whose personal data is processed by the Administrator in connection with the Administrator's business, e.g. a person who is bound by a contractual agreement with the Administrator or who sends the Administrator an e-mail enquiry.

Cookies

dane informatyczne, które przechowywane są w urządzeniu końcowym, zawierające dane o korzystaniu przez Użytkownika z Serwisu.

privacy policy

this privacy policy

GDPR

Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2016/679 z dnia 27 kwietnia 2016 r. w sprawie ochrony osób fizycznych w związku z przetwarzaniem danych osobowych i w sprawie swobodnego przepływu takich danych oraz uchylenia dyrektywy 95/46/WE (ogólne rozporządzenie o ochronie danych).

service or platform

website https://finture.com/

Ty lub użytkownik

każda osoba fizyczna, która odwiedza stronę lub korzysta z usług oferowanych za jej pośrednictwem.

2. Purposes and grounds for our processing of personal data

We may process your personal data for different purposes and on different legal bases - depending on the functions of the service. For example, we may process your data to carry out marketing activities, market and statistical analyses, to improve the quality of our services or to comply with our legal obligations.

We describe the details below.

area

purpose and basis of processing

use of the service

We use cookies or similar technologies on this website. Accordingly, as a controller, we process information that may be considered as personal data (such as e.g. IP address, internet identifiers, data about your device, data about your activity on the website). We process this information for the following purposes:

providing you with access to the website - the legal basis for the processing is the necessity of the processing for the performance of the service (Article 6(1)(b) RODO);

You can find more information about cookies later in this privacy policy.

We record your activity within the website in so-called system logs (a special computer program used to keep a chronological record containing information about events and activities that relate to our IT system/our platform). The information collected in the logs may include information that is personal data(e.g. IP address, data of your device). We process this information primarily for purposes related to the provision of our services through the platform (Article 6(1)(b) RODO). We also process it for technical, administrative purposes (e.g. error detection) and for the purposes of ensuring the security of our IT system/platform (e.g. detection of network attacks) and the management of this system/platform, as well as for analytical and statistical purposes - in this regard, the legal basis for the processing is our legitimate interest (Article 6(1)(f) RODO) to ensure the correct operation of the service and its improvement and to protect our business interests.

contact form

We provide the possibility to contact us by means of an electronic contact form provided on the website. When using this form, you will be asked to provide the required personal data (e.g. name, e-mail address). This data is necessary in order to receive and handling your enquiry and enabling us to contact you. You provide the data voluntarily, but it is not possible to send an enquiry without providing this data. You may also voluntarily provide us with other personal data (e.g. your telephone number) to facilitate contact and handling of your enquiry.

We process the personal data provided in the contact form in order to identify the sender and to handle the enquiry. The legal basis for the processing is our legitimate interest (Art. 6(1)(f) RODO), consisting of responding to and providing support to users.

In some cases (e.g. if you make a complaint), we may also process the data contained in the complaint form in order to establish, assert or defend against claims. The basis for the processing is our legitimate interest (Article 6(1)(f) RODO) in protecting our rights and property interests and resolving a possible dispute with you, as well as responding to your complaint.

direct marketing

Działania marketingowe prowadzimy z uwzględnieniem obowiązujących nas regulacji prawnych, w tym z poszanowaniem dla ograniczeń lub zakazów reklamy i promocji. Nie wykorzystujemy do celów marketingowych Twoich danych wrażliwych (szczególnych kategorii danych w rozumieniu art. 9 RODO).

Sending marketing content

When using the platform, you may optionally agree to receive from us, via the communication channel of your choice (e.g. email, SMS or similar electronic means) our offers, information about promotions, news and similar marketing content relating to the platform and our activities. The legal basis for the processing is your consent (Article 6(1)(a) RODO). The content you receive may be tailored to you (e.g. based on your locality, gender or age group).

Internet marketing

Możemy również – w granicach dopuszczonych przez przepisy prawa – informować o naszej działalności z wykorzystaniem narzędzi marketingu internetowego (np. banery na innych stronach). W tym celu możemy wykorzystywać informacje zebrane w związku z korzystaniem przez Ciebie z naszej platformy (np. informacja o tym, że jesteś klientem może posłużyć nam do optymalizacji naszych kampanii informacyjnych w Internecie). Podstawą prawną takiego przetwarzania jest nasz prawnie uzasadniony interes, jakim jest informowanie o naszej działalności i naszych usługach (art. 6 ust. 1 lit. f RODO).

Możemy korzystać z usług partnerów marketingowych, takich jak Google, Microsoft czy Meta (Facebook) w celu wyświetlania Ci naszych kampanii dopasowanych na podstawie informacji zebranych podczas korzystania przez Ciebie z platformy, m.in. przez pliki cookies, jeśli zgodziłeś/-aś się na ich użycie. Podstawą takiego przetwarzania jest Twoja zgoda (art. 6 ust. 1 lit. a RODO). Więcej informacji na ten temat znajdziesz w części polityki prywatności dotyczącej plików cookies.

Custom audiences

Możemy kierować nasze kampanie na platformach społecznościowych (np. Facebook) lub u dostawców usług platformowych takich jak Google do określonego grona odbiorców (tzw. niestandardowe grupy odbiorców – custom audience). W tym celu wykorzystujemy różne technologie, takie jak np. piksel śledzący, gromadzenie informacji o aktywności użytkowników na naszym profilu (stronie firmowej) na platformie społecznościowej lub przekazujemy operatorowi danej platformy (np. firmie Meta) zabezpieczony plik z niektórymi danymi naszych użytkowników. Zawiera on m.in. adresy e-mail lub numery telefonu, dzięki którym operator platformy taki jak np. Meta może zidentyfikować Cię jako użytkownika naszej platformy (dopasowanie danych). Przykładowo, jeśli chcemy wyświetlić na Facebooku nasze kampanie osobom, które są już naszymi klientami, to przekazujemy operatorowi Facebooka (firmie Meta) zabezpieczoną listę z niezbędnymi danymi; jeśli nasi klienci są użytkownikami Facebooka, to wyświetli im się nasza kampania. Na tej samej zasadzie możemy wykluczyć wszystkich lub niektórych naszych klientów z grona adresatów kampanii. Przekazywane dane osobowe są odpowiednio zabezpieczone.

Meta (Facebook)

W ramach platformy korzystamy z narzędzi oferowanych przez firmę Meta Platforms Ireland Ltd, takich jak piksel Meta czy analiza zdarzeń w aplikacji mobilnej i serwisie. Przykładowo, gdy odwiedzasz platformę, piksel Meta wysyła do firmy Meta informację o tym. Dzięki temu możemy lepiej dopasować nasze kampanie na platformie Facebook i sprawdzać ich skuteczność. Pozwala to nam również uzyskiwać od Meta analizy i pomiary dotyczące naszych produktów i usług.

Za proces gromadzenia i przetwarzania danych odpowiadamy wspólnie z firmą Meta Platforms Ireland Limited (współadministrowanie).

Obejmuje to następujące cele:

tworzenie zindywidualizowanych lub odpowiednich reklam oraz ich optymalizacja.

Establishment, investigation, enforcement of claims

W takim przypadku mogą być przetwarzane niektóre dane osobowe podane przez Użytkownika w ramach korzystania z funkcjonalności w Serwisie takie jak: imię, nazwisko, dane dotyczące korzystania z usług, jeżeli roszczenia wynikają ze sposobu, w jaki Użytkownik korzysta z usług, inne dane niezbędne do udowodnienia istnienia roszczenia, w tym rozmiarów poniesionej szkody. Podstawa prawna – prawnie uzasadniony interes (art. 6 ust. 1 lit. f RODO), polegający na ustaleniu, dochodzeniu i egzekucji roszczeń oraz na obronie przed roszczeniami w postępowaniu przed sądami i innymi organami państwowymi.

Recruitment

W ramach zakładki „Kariera” Administrator udostępnia informacje o prowadzonej przez siebie polityce zatrudnienia, a także o prowadzonych procesach rekrutacyjnych. W przypadku, gdy Użytkownik zdecyduje się na udział w procesie rekrutacyjnym prowadzonym przez Administratora, należy zaznaczyć, że Administrator oczekuje od kandydatów przekazywania danych osobowych (np. w CV lub życiorysie) wyłącznie w zakresie określonym w przepisach prawa pracy. W celu przeprowadzenia procesu rekrutacji w zakresie danych niewymaganych przepisami prawa – podstawą prawną przetwarzania jest zgoda (art. 6 ust. 1 lit a RODO).

Company profile on social media

If you visit our profile (company account/company website) on a social media platform such as Facebook (https://www.facebook.com/finturecom), LinkedIn (https://www.linkedin.com/company/finturecom), and interact with us (e.g. by adding to followers, leaving comments, likes), we process your personal data.

The scope of the personal data we process includes data you provide to us yourself as well as data we obtain from the operator of the respective platform, including data such as, for example, your identifier on the social media platform (name or profile name), profile picture/avatar, etc. The provision of data is voluntary, but without providing such data you cannot use certain functions of the social platform (e.g. add a comment, write a message to us).

Independently of us, the platform operator processes your personal data in order to provide you with the services of that platform, in accordance with its terms and conditions of use. Please read the terms of use/conditions of use and privacy policy/processing notice applicable to the platform you are using. When browsing our website, you will find links pointing to our profiles (company accounts/pages) on social media platforms. When you click on a link, you will be redirected to our profile (account/company page) which we operate on the selected platform. Once you have been redirected to such a platform, the operator of the platform in question is also the controller of your personal data and may use the information collected for its own purposes (e.g. it may use the information that you have moved from our service to the social platform for e.g. advertising purposes, market research or collecting information about your preferences).

We have no control over the processing of personal data that the platform operator performs independently of us, as a separate controller. You can find detailed information about the processing of personal data by social media platforms and find their privacy policies:

Facebook: https://www.facebook.com/privacy/policy/?entry_point=comet_dropdown
LinkedIn: https://pl.linkedin.com/legal/privacy-policy

Facebook, LinkedIn

If you use our profile (company page) on these platforms or related content, we process your personal data. The data we process may include:

your username
comments posted on our company website;
comments posted on our company website;
activity on our company website (thanks to the "Audience Insights" service we use), e.g. visits to our company website, posts, average duration of video views, information on the country and city from which visitors come, statistics on visitor payments;
other information necessary to fulfil requests or to uniquely identify visitors.

The operator of the Facebook and Instagram platforms is Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin 4, Ireland - hereinafter "Meta"). Meta processes your personal data in accordance with its privacy policy, which is available at

https://www.facebook.com/privacy/policy/ (Facebook)
and https://privacycenter.instagram.com/policy (Instagram).

Co-administration with Meta

We use statistical information related to the use of our Facebook profile (company page), which Meta provides to us in anonymised form, including through the "Audience Insights" service. This service does not allow us to attribute information to individual users or to access their individual profiles. For more on Facebook business page statistics, please visit:

https://www.facebook.com/legal/terms/information_about_page_insights_data.

We are joint controllers of your personal data with with Facebook operator Meta (Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland) with regard to the processing of data for the purposes of site statistics (data for statistics). Co-administration includes the aggregate analysis of the data for the purpose of displaying statistics on user activity on our profile.

Meta's responsibilities with regard to the processing of data in the context of co-administration are:

to have a legal basis for processing data for site statistics;
ensuring the exercise of data subjects' rights;
reporting violations to the supervisory authority and notifying those affected of the incident;
ensuring that appropriate technical and organisational measures are in place to ensure the security of your data.

The scope of our responsibility for data processing in the context of co-management is:

to have a legal basis for processing data for site statistics;
fulfilment of information obligations with regard to the purposes of the processing carried out by us.

The main supervisory authority for joint processing is the Irish Data Protection Commission. Details of the mutual arrangements between the joint controllers are available at

https://www.facebook.com/legal/terms/page_controller_addendum.

In connection with the operation of profiles (company pages) on the platforms, we may process your personal data for purposes for which we have a legitimate interest (Article 6(1)(f) RODO), consisting of:

maintaining a profile on a social networking site, in accordance with the rules laid down by the operator of that site;
running marketing campaigns on the site,
providing information about our business through our profile;
building and strengthening relationships with potential and existing customers through communication via the social network;
conducting analyses and statistics on the functioning, popularity and use of our profile;
to establish, assert and defend against possible claims relating to the use of the profile.

Collection of counterparty data

If you are our contractor or a contact person acting on behalf of a contractor, we may process your personal data - most commonly this will include your name, email address, telephone number, business or function details. We need this data in order to keep in touch with you, to prepare and enter into a contract, and then to perform and settle the contract. In such cases, the basis for the processing is the concluded contract or the activities aimed at concluding the contract - pursuant to Article 6(1)(b) of the RODO - or our legitimate interest, which is to ensure efficient cooperation and fulfilment of contractual obligations (Article 6(1)(f) of the RODO).

Twoje dane mogą być również przetwarzane w związku z obowiązkami prawnymi, jakie ciążą na nas jako administratorze, np. w zakresie wystawiania faktur, prowadzenia ksiąg rachunkowych czy dokumentacji podatkowej – w tym przypadku działamy na podstawie art. 6 ust. 1 lit. c RODO.

Zdarza się też, że kontaktujemy się z naszymi kontrahentami lub ich przedstawicielami w celach marketingowych – na przykład by poinformować o nowych usługach, rozwiązaniach czy zaprosić do udziału w wydarzeniach branżowych. Jeśli wyrazisz zgodę na takie działania, przetwarzamy Twoje dane w oparciu o art. 6 ust. 1 lit. a RODO. Jeżeli nie wymagamy zgody, a komunikacja odbywa się w ramach istniejącej relacji biznesowej, podstawą jest nasz uzasadniony interes zgodny z art. 6 ust. 1 lit. f RODO.

Dane przechowujemy tylko tak długo, jak to jest konieczne – w szczególności przez czas obowiązywania umowy oraz przez okres wymagany przepisami prawa, a także przez czas potrzebny do ewentualnego dochodzenia lub obrony przed roszczeniami. Jeśli przetwarzanie odbywa się na podstawie zgody – np. w celach marketingowych – dane będą przetwarzane do momentu jej wycofania.

W każdej chwili możesz zapytać nas, jakie Twoje dane przetwarzamy, zażądać ich sprostowania, ograniczenia przetwarzania, a w określonych sytuacjach – usunięcia lub wniesienia sprzeciwu. Jeśli przetwarzamy dane na podstawie Twojej zgody, masz prawo ją wycofać – bez wpływu na zgodność z prawem przetwarzania, które miało miejsce przed cofnięciem.

Data collection in other cases

W związku z prowadzoną działalnością, Administrator zbiera dane osobowe także w innych przypadkach – np. podczas spotkań biznesowych, na eventach branżowych czy poprzez wymianę wizytówek – w celach związanych z nawiązywaniem i utrzymywaniem kontaktów biznesowych. Dane osobowe podawane są w takich wypadkach dobrowolnie. Podstawą prawną przetwarzania jest w tym wypadku prawnie uzasadniony interes Administratora (art. 6 ust. 1 lit. f RODO), polegający na tworzeniu sieci kontaktów w związku z prowadzoną działalnością. Dane osobowe zebrane w takich przypadkach przetwarzane są wyłącznie w celu, dla jakiego zostały zebrane.

2.1. The controller shall ensure that the volume of data processed in the correspondence complies with the principle of data minimisation and that only authorised persons have access to it.

2.2. The controller shall ensure that the volume of data processed in the correspondence complies with the principle of data minimisation and that only authorised persons have access to it.

2.3. For the purpose of marketing our own products and improving our services, navigational data may also be collected from Users, including information about the links and references they choose to click on or other actions they take on our website, on the basis of the Administrator's legitimate interest ( Article 6(1)(f) RODO ) in facilitating the use of services provided electronically and improving the functionality of these services.

2.4. The provision of personal data is voluntary, in connection with the provision of services through the Website, with the proviso, however, that failure to provide the data specified in the form will prevent the provision of this service.

3. Cookies and similar technologies

We use cookies on our platform and may use other similarly functioning technologies and tools that are stored on your device and allow us or other entities we work with to collect information (e.g. tracking pixels, local data files, tags), which we refer to collectively as "cookies" for simplicity.

Cookies are small text files that are saved and stored on your device (e.g. in the memory of your computer or smartphone). They allow, among other things, the recognition of your device and the correct display of the website (including adapting it to your preferences), as well as collecting various information related to your browsing of the platform. Cookies usually contain the name of the website (domain) from which they originate, the time they are stored on your device and a unique identifier.

We use cookies and similar technologies primarily for:

to authenticate you on the platform (so you can log in and stay logged in);
analytics and statistics - so that we can better understand how users use the platform, which allows us to improve the platform and provide a better service;
marketing (e.g. in relation to collecting information for online campaigns).

The information collected by cookies does not usually directly identify you. From our perspective, the information we obtain through cookies is anonymous data. However, in some cases, especially when combined with other information, cookies potentially allow you to be identified as an individual (e.g. your IP address in combination with a cookie ID and information held by external providers we use). We want to take a transparent and privacy-focused approach to cookies, so in our privacy policy we prudently accept that their use involves the processing of personal data.

Cookies have different expiry periods, after which they are automatically deleted (expire) - unless you delete them yourself beforehand. Some cookies are temporary (so-called session cookies, which are stored only for the duration of your session on the platform or slightly longer - e.g. several minutes) and are automatically deleted when you close your browser or log out of the platform. Other cookies (e.g. Google Analytics, cookie for displaying a cookie message) are stored for longer (e.g. for several months or even years) and can be deleted e.g. via your browser settings.

Some cookies originate from our domain (so-called proprietary cookies – first party), while others come from external servers and are stored by third parties (e.g. service providers we use – so-called external cookies – third party).

3.1. Necessary cookies

Some cookies are necessary for the correct and secure operation of the platform. Therefore, in accordance with the law (Article 398 of the Electronic Communications Act), their use does not require your consent.

3.2. Analytical and statistical cookies

As part of the platform, we use the services of other companies that provide analytical and statistical services for us (e.g. Google Analytics). For this purpose, we use our own cookies (first party) or external cookies (provided by third-party providers), which allow us to monitor - for the purpose of analysis analysis and statistics - how you use the platform and which pages you view within the platform. They also allow us to analyse data about your traffic on the platform's websites, your IP and MAC address, your general geographic data, the type of browser and device from which you connect to the platform, information about your internet provider, and information about your activities on the platform (analytics). This allows us to create general reports and statistics to improve the platform and fix any bugs.

3.3. Marketing cookies

Marketing cookies make it possible to display marketing content (e.g. information about activities) that is tailored to users (based, among other things, on information about the visit to our platform, pages viewed on our platform and links clicked). They are used, among other things, to tailor marketing content online, as well as for displaying marketing content outside our platform and for marketing statistics. The information collected by these cookies may be passed on to other companies that offer their advertising networks or tools for marketing campaigns (e.g. Microsoft, Meta, Google).

We undertake any marketing activities that we carry out by adhering to the advertising restrictions and prohibitions that apply to the site.

3.4. Consent to the use of cookies

The use of cookies requires that we obtain your consent (with the exception of so-called strictly necessary cookies, about which we write above). We display a message on the platform informing you of our use of cookies. In this message, you can either consent to the use of cookies for the purposes indicated there or refuse such consent. If you refuse consent, we may only use strictly necessary cookies for the functioning of the website - your consent is not required for the use of these cookies, as the website will not function properly without them (Article 398 of the Electronic Communications Act).

Where the use of cookies requiring consent (this applies to non-essential cookies - e.g. analytical, marketing cookies) results in the processing of personal data, the basis for such processing is your consent (Article 6(1)(a) RODO). Further processing by us of your personal data originally collected through cookies may take place on the basis of our legitimate interest (Article 6(1)(f) RODO - e.g. marketing of products or services, production of statistics and analysis), as described in the previous sections of the privacy policy.

In the case of external (third party) cookies, your consent to the use of such a cookie also implies your agreement that your data, obtained through such a cookie, will be passed on to an external provider (another company).

You can withdraw your consent to the use of cookies at any time, e.g. by using the cookie settings in the cookie "box" displayed on the interface of our website or by using your browser settings. You can also set your browser to automatically block all or some cookies. Please refer to your browser's documentation for details on its functionality and settings.

Please note that if you block the necessary cookies, the website - for technical reasons - will not function properly.

3.5. List of cookies used on the website

The cookie mechanism is safe for your device. It prevents viruses or other unwanted software from getting onto your device. However, you can restrict or disable access to cookies in your browser settings. If you do this, you will still be able to use the Website, although some features that require cookies may not be available.

3.7. Changing cookie settings

Below you will find instructions on how to change the cookie settings of popular web browsers

- Internet Edge,
- Mozilla Firefox,
- Chrome,
- Safari,
- Opera.

4. Period of processing of personal data

The length of time we process your personal data depends on the nature, purpose and basis of the processing. We store the data:

where processing is based on a legitimate interest (e.g. protection from or pursuit of claims), for the period necessary for the pursuit of that interest (e.g. in the case of property claims, until the statute of limitations for such claims), unless you have first raised an effective objection to the processing of your personal data;
where the basis for processing is necessity for the conclusion and performance of a contract - for the duration of such contract;
where the basis for processing is necessity for the conclusion and performance of a contract - for the duration of such contract;
where data is processed on the basis of consent - until the consent is withdrawn, unless we no longer need the data earlier to fulfil the purpose for which the consent was collected.

We may extend the period for processing your personal data where the processing is necessary for the establishment, investigation or defence against possible claims or where it is necessary to comply with legal obligations incumbent on us, and thereafter only if and to the extent that we are required to do so by law. After the expiry of the retention period, we delete or irreversibly anonymise the data.

Personal data provided as part of comments posted on our Facebook fanpage and Linkedin profile will be stored until deleted by the author (unless we delete it ourselves beforehand). For more information on the processing of personal data on the Facebook and Linkedin social networks, please visit: https://www.facebook.com/about/privacy and https://pl.linkedin.com/legal/privacy-policy.

5. Rights of data subjects

You have the right to access your personal data, to request its rectification, erasure, restriction of processing, the right to data portability (if the processing is carried out by automated means based on a contract or consent), the right to object to the processing of your data (if the processing is based on legitimate interests – e.g. for analytical or statistical purposes – or for direct marketing purposes), the right to withdraw consent, and the right to lodge a complaint with a supervisory authority.

More information regarding your rights is presented below:

The right to request access to personal data: This means that you can get information from us about how and to what extent we process your personal data and, in addition, you can obtain a copy of your personal data.
The right to request rectification of personal data: This means that you can request that we rectify (amend) your personal data, e.g. if it has been recorded incorrectly or if it has changed.
The right to request erasure of personal data: This means that you can request us to delete your personal data if there is no basis for us to process the data or if there are other circumstances provided for by the RODO.

The right to request restriction of processing of personal data: This means you can request that your personal data be processed only to a limited extent, until your objection to its processing has been resolved, or until your request for rectification has been considered, or if you wish for us to store your data in connection with your claims or due to the finding of unlawful processing.
The right to data portability: If we process your personal data on the basis of consent or on the basis of a contract concluded with you and this is done by automated means (e.g. computerised), you have the right to request that we transfer your personal data that you have provided to us, in a structured, commonly used, machine-readable (computer-readable - e.g. XML) format. You may yourself transfer such personal data to another controller of your choice. In addition, if technically feasible, with appropriate security standards, we may ourselves transfer your personal data to another controller of your choice upon your request. The right to data portability must not adversely affect the rights and freedoms of others.

The right to object to processing: If we process your personal data on the basis of a legitimate interest, you may object to such processing on grounds relating to your particular situation. We will then analyse the objection on the basis that there are valid legitimate grounds for us to process your personal data that override your interests, rights and freedoms or grounds for us to pursue or defend against claims. If you raise an effective objection, we can no longer process the personal data to which the objection relates.

If we process your personal data for direct marketing purposes, you may object to such processing at any time. This objection does not require justification. Upon receipt of such an objection, we will no longer process your data for direct marketing purposes.
The right to withdraw consent to data processing: If we process your personal data based on consent, you can withdraw such consent at any time with effect for the future. This means that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, you can contact us via the contact channels indicated below, change the settings in your customer account, or use the special link included in the email sent by us.
The right to lodge a complaint with a supervisory authority: If you believe that the processing of your personal data by us is unlawful, you have the right to lodge a complaint with the supervisory authority responsible for data protection. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

It may happen that we will not be able to exercise some of your rights – for example, due to legal obligations imposed on us. For instance, the right to have your data erased (the so-called “right to be forgotten”) generally does not apply to data collected as part of medical documentation. We are required by law to retain your personal data contained in medical documentation for a period specified by applicable regulations. During this period, we will not be able to fulfil your request for erasure of such personal data.

In connection with the exercise of your rights as described above, we may additionally verify your identity.

6. Data recipients

As part of operating the platform, we use the services of third parties (our subcontractors and external providers). Therefore, the recipients of your personal data will include IT service providers (e.g. hosting), companies such as banks and payment operators, companies providing accounting services (in connection with issuing invoices/receipts), entities providing online survey tools, as well as our medical staff. If we transfer your data to external entities, it is done with respect for medical confidentiality and other legally protected secrets (especially through encryption or other appropriate safeguards).

We may also disclose personal data to courts or competent public authorities (e.g. law enforcement agencies) or other authorised third parties. Data disclosure takes place only when there is an appropriate legal basis for it (e.g. a legal provision requiring disclosure of personal data) and in accordance with applicable regulations.

If you visit or follow our fan page operated on the Facebook social network, or interact via this fan page, we may disclose your personal data to the operator of this service and other users, in accordance with the terms set by the Facebook social network operator. The privacy policy of Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin 4, Ireland) can be found at:

https://www.facebook.com/privacy/policy.

If you visit or follow our profile operated on the Linkedin social network, or interact via this profile, we may disclose your personal data to the operator of this service and other users, in accordance with the terms set by the Linkedin social network operator. The privacy policy of Linkedin can be found at:

https://pl.linkedin.com/legal/privacy-policy.

7. Source of personal data

We generally obtain personal data directly from you when you use the platform or the services provided through it.

8. Transfer of data outside the EEA

Service providers are mainly based in Poland and other countries of the European Economic Area (EEA). If your data were to be transferred outside the EEA, the Controller will apply appropriate legal safeguards: the standard contractual clauses for personal data protection approved by the European Commission.

The level of personal data protection outside the European Economic Area (EEA) differs from that ensured by European law. For this reason, we guarantee that we will transfer your personal data outside the EEA only when necessary and with an adequate level of protection. Currently, we do not foresee transferring your data outside the EEA.

9. Security

The procedures implemented by the Controller ensure an appropriate level of confidentiality and integrity for the personal data it processes. Access to personal data is granted only to individuals who are properly trained and have the necessary authorisations. The Controller applies organisational and technical measures to ensure that all operations on personal data are recorded and carried out only by authorised persons. When selecting data processors and other subcontractors, the Controller takes the necessary steps to ensure that the level of data protection at these entities is sufficient. The Controller continuously conducts risk analyses and monitors whether the data protection measures used are adequate to the identified threats. If necessary, the Controller implements additional measures to enhance data security.

10. Our contact details and Data Protection Officer

You can contact us by post at the following address: Finture Sp. z o.o., ul. Skierniewicka 10A, 01-230 Warsaw, or by sending an email to: info@finture.com.

We have appointed a Data Protection Officer (DPO). Our DPO is Krzysztof Pawelec. You can contact him regarding any matters related to the processing of your personal data by sending an email to:
ochronadanych@exorigo-upos.pl or by writing to: Finture Sp. z o.o., ul. Skierniewicka 10A, 01-230 Warsaw, with the note “DPO”.

11. Changes to the privacy policy

We regularly review our privacy policy and update it when necessary. If the changes are significant, we will make every effort to inform you through available contact channels (e.g. by email).

The current version of the privacy policy is effective from May 16th, 2025