{ }
  • Polski
  • English
  • Deutsch

Privacy Policy

General information:

  1. This Privacy Policy constitutes the fulfillment of the information obligation specified in Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”).
  2. The Privacy Policy contains in particular: rules concerning the processing of personal data by the Administrator in the website, including the legal basis, purposes and scope of processing of personal data and the rights of data subjects, as well as information regarding the use of cookies and analytical tools on the website.
  3. Personal data on the website is processed by the Administrator in accordance with applicable laws.
  4. The Administrator of your data is DevsElite Jarosław Matejek, with its registered office in Kraków, address: al. Beliny-Prażmowskiego 49A/6, 31-514 Kraków, NIP: 9452216306, REGON: 369265860.
  5. You can contact the Administrator:
    1. By post, to the correspondence address indicated in point 4 of the Privacy Policy
    2. Electronically, at the e-mail address: iod@devselite.pl
    3. By phone, at +48 790-894-334.
  6. The Administrator exercises particular diligence in order to protect the interests of data subjects and, in particular, is responsible for and ensures that the data collected is:
    1. processed lawfully;
    2. collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
    3. substantively correct and adequate in relation to the purposes for which it is processed;
    4. stored in a form enabling identification of the data subjects, no longer than necessary to achieve the purpose of processing;
    5. processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
  7. Taking into account the nature, scope, context and purposes of processing, as well as the risk of infringement of the rights or freedoms of natural persons of varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with this Regulation and to be able to demonstrate this. These measures are, where necessary, reviewed and updated. The Administrator applies technical measures preventing the acquisition and modification by unauthorized persons of personal data transmitted electronically.

Legal basis, purposes and period of processing of personal data:

  1. The Administrator is entitled to process personal data only if and to the extent that at least one of the following conditions is met:
    1. The data subject has given consent to the processing of his/her personal data for one or more specific purposes.
    2. Processing is necessary for the conclusion and performance of a contract.
    3. Processing is necessary for the fulfillment of the Administrator’s obligations provided for by law, including in particular the issuing and storing of invoices and accounting documents.
    4. For the purposes of marketing and promotion of the Administrator’s products and services and direct marketing.
    5. For the purposes of possible establishment, pursuit or defense against claims, ensuring the security of persons and property on the basis of the legitimate interest of the Administrator.
  2. Processing of personal data by the Administrator requires, in each case, the occurrence of at least one of the legal bases specified in point 8 above.
  3. In each case, the purpose, legal basis, period and scope of personal data processed by the Administrator result from the circumstances of the particular case and are shaped as follows:
    Purpose of data processing
    Taking actions in order to conclude a contract, performance of a concluded contract
    Legal basis under GDPR
    Art. 6(1)(b)
    Period of data processing
    Data is processed for the period necessary to perform, terminate or otherwise expire the concluded contract.
    Scope of processed data
    Maximum scope of processing: first and last name; e-mail address; contact telephone number; residential/business address/registered office address, tax identification number (NIP)
    Purpose of data processing
    Marketing
    Legal basis under GDPR
    Art. 6(1)(a)
    Period of data processing
    Data is processed until consent is withdrawn by the data subject for further processing of their data for this purpose.
    Scope of processed data
    Maximum scope of processing: E-mail address
    Purpose of data processing
    Direct marketing
    Legal basis under GDPR
    Art. 6(1)(f)
    Period of data processing
    Data is processed for the period of existence of the legitimate interest pursued by the Administrator, but no longer than, respectively: for the limitation period of claims in relation to the data subject arising from the Administrator’s business activity or no longer than for the limitation period of claims against the Administrator. The limitation period is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is 3 years). The Administrator may not process data for direct marketing purposes in the event of an effective objection in this respect by the data subject (Art. 21(2) GDPR)
    Scope of processed data
    Maximum scope of processing: E-mail address
    Purpose of data processing
    The Administrator’s obligations provided for by law, including in particular issuing and storing accounting documents
    Legal basis under GDPR
    Art. 6(1)(c)
    Period of data processing
    Data is processed for the period required by legal provisions obliging the Administrator to store tax books (until the expiry of the limitation period of the tax liability, unless tax acts provide otherwise)
    Scope of processed data
    Maximum scope of processing: first and last name; residential/business/registered office address, company name and tax identification number (NIP)
    Purpose of data processing
    Establishment, pursuit or defense against claims, ensuring security of persons and property on the basis of the legitimate interest of the Administrator
    Legal basis under GDPR
    Art. 6(1)(f)
    Period of data processing
    Data is processed for the period of existence of the legitimate interest pursued by the Administrator, but no longer than, respectively: for the limitation period of claims in relation to the data subject arising from the Administrator’s business activity or no longer than for the limitation period of claims against the Administrator. The limitation period is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is 3 years).
    Scope of processed data
    Maximum scope of processing: first and last name; contact telephone number; e-mail address; residential/business/registered office address; tax identification number (NIP)

Recipients of personal data

  1. Your personal data may be made available by the Administrator to the following categories of recipients, only when it is necessary to achieve a given purpose of processing personal data and only to the extent necessary to achieve it:
    1. Entities authorized to receive it under generally applicable law.
    2. Service providers supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct business activity (in particular: providers of software for running the website, e-mail and hosting providers, and providers of software for company management and technical support for the Administrator). The Administrator makes the collected personal data available to the selected provider acting on its behalf only in cases and to the extent necessary to achieve a given purpose of processing data in accordance with this privacy policy.
    3. Providers of legal, accounting and advisory services providing the Administrator with accounting, legal or advisory support. The Administrator makes the collected personal data available to a selected provider acting on its behalf only in cases and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
    4. Processors acting on behalf of the Administrator, i.e. entities that process data as subcontractors on the basis of an agreement and only to the extent indicated by the Administrator.
    5. Other entities where this results from the content and nature of correspondence conducted.

Profiling of personal data:

  1. The Administrator may use profiling on the website for direct marketing purposes, but decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a contract. The Administrator, via Google Analytics, may determine: browser type, computer system type, browser language, time spent on a specific page of the website, demographic data (gender, approximate age range of a person), location data (country, voivodeship, sometimes city), and with the help of the hosting provider the Administrator may additionally determine the IP number of the user visiting the website.
  2. The effect of using profiling on the website may be, for example, sending a proposal of a product or service that may correspond to the interests or preferences of a given person. Despite profiling, a person freely decides whether to enter into a contract with the Administrator.
  3. Profiling on the website consists of automatic analysis of a person’s behavior on the website, e.g. by browsing the page of a specific product/service on the website, or by analyzing the history of actions taken on the website.
  4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.

Rights of data subjects:

  1. Data subjects have the following rights:
    1. The right to access the content of personal data and to obtain information, among others, about the categories of data, the purposes of their processing, as well as to obtain a copy thereof.
    2. The right to rectify incorrect data and complete missing data, as well as the right to be forgotten, which means the right to delete data processed without basis and unlawfully (e.g. data is no longer necessary for the purposes for which it was collected).
    3. The right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal (if processing is based on Art. 6(1)(a) GDPR).
    4. The right to object to processing of personal data based on Art. 6(1)(e) GDPR (public interest or official authority) or Art. 6(1)(f) GDPR (legitimate interest of the Administrator), for reasons related to the particular situation of the data subject. In such a case, the Administrator may no longer process such personal data unless it demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims.
    5. The right to object to direct marketing, to the extent that processing is related to direct marketing.
    6. The right to data portability processed by automated means, which means that it is possible to request that personal data be transmitted by the Administrator directly to another controller, where technically feasible.
    7. The right to lodge a complaint with the President of the Personal Data Protection Office, if the participant considers that the processing of personal data violates GDPR provisions.
  2. In order to exercise the rights referred to in point 16 of the Privacy Policy, you may contact the Administrator by sending an appropriate message in writing or by e-mail to the address of the Administrator indicated at the beginning of the Privacy Policy or using the contact form available on the website.

Cookies and analytics:

  1. Cookies are small pieces of text information in the form of text files, sent by the server and stored on the device of the person visiting the website (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on which device is used to access the website).
  2. The Administrator may process data contained in Cookies while the visitors use the website pages for the following purposes:
    1. Adjusting the content of the website to the individual preferences of the user (e.g. regarding colors, font size, page layout) and optimizing the use of the website pages.
    2. Keeping anonymous statistics showing how the website is used.
    3. Improving the quality of the website services.
  3. By default, most web browsers available on the market accept the storage of Cookies. Everyone can specify the conditions for using Cookies through the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of storing Cookies – in the latter case, however, this may affect some functionalities of the website.
  4. Browser settings regarding Cookies are important from the point of view of consent to the use of Cookies by the website – in accordance with the regulations, such consent may be also expressed via browser settings. If such consent is not given, the browser settings regarding Cookies should be changed accordingly.
  5. Detailed information on changing settings regarding Cookies and their independent deletion in the most popular web browsers is available in the browser help section.
  6. The Administrator uses Google Analytics, Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator analyze traffic on the website. The collected data is processed in an anonymized manner (these are so-called operational data which make it impossible to identify a person) to generate statistics helpful in administering the website. This data is aggregated and anonymous, i.e. it does not contain identifying features (personal data) of persons visiting the website. The Administrator, using the above services on the website, collects such data as: visitors’ behavior on the website, information about devices and browsers used to access the website, geographic data and demographic data (age, gender), IP.
  7. It is possible for a person to easily block Google Analytics from sharing information about their activity on the website – for this purpose, you can install the add-on for the browser provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
  8. The Administrator may use the Facebook Pixel service on the website provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator measure the effectiveness of advertisements and learn what actions visitors take on the website, as well as display tailored advertisements to those persons. Managing the operation of Facebook Pixel is possible through the ad settings in your Facebook account.
Left SVG Right SVG We create solutions for your business! E-commerce that works!